You can try ServletFilter, http://www.securityfilter.org/, it's independent of container security, no need to touch server configuration file. And real easy to use.
Try use it in combination with assigning roles to action mapping from struts-config.xml and with Filter ( i.e. implements Filter ), then I doubt u will need container security anymore. There r also some good articles from www.javaworld.com about security in Struts. ----- Original Message ----- From: "jackie" <[EMAIL PROTECTED]> To: "Struts Developers List" <[EMAIL PROTECTED]> Sent: Wednesday, September 15, 2004 3:13 PM Subject: Container- based security > Hello Everyone, > > Can anyone help me to setup a container based security in Struts > application. I research that it involves using filter, then also the server > authentication. > Also a quote from this site, written by Ted > Husted: > http://www.jguru.com/faq/view.jsp?EID=471934 > "Answer > You can use either container-based security or form-based security to > authenticate users. With container-based security, the Web browser will > track the logins for you, and "replay" the credentials to the server > whenever they are required. If a browser hasn't been authenticated yet, it > will automatically display a simple login form. If the login passes, the > user's original request will proceed. This will also work properly if a user > tried to POST from a form to an action URI in a protected area. Once the > browser is authenticated, the POST proceeds normally. For applications that > manage their own logins, it is probably easier to insist that every single > page test for an authenticated user first, and redirect to the login page if > not. The Struts example application does this -- partially by use of an > application-specific custom tag (app:checkLogon) that performs this check at > the top of every page. The tag is application-specific, because the notion > of what constitutes a "logged on user" is application specific as well. " > > My project specs is, if the user is not login. then the user directly > link to a certain page, then it automatically goes to a login page... > > I used the Struts Tags <logic:present> but then It is not very reliable > and very tasky to do, and I like also to seperate the View part from the > Controller part. > > I find difficulty in setting out the filter... Also it is my first time > to used an authentication Struts Web App. I am not sure what is the right > filter or what kind of authetication that is appropriate in my app. > > Thanks! Anyhelp will be greatly appreciated! > > Cheers, > jack > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
