Re: Step by Step Struts 2 tutorial
Great Thanks a lot My company is just gonna start to use S2. I can sure use your demos to teach my colleges good job
Step by Step Struts 2 tutorial
Hi, i started Struts 2 tutorial http://www.onepd.com/ The Struts 2 tutorial will help the reader truly understand Struts 2 concepts, it starts with simple examples and explains not only how to use Struts' features, but also how certain features work under the hood; Integrates Struts 2 application with Tiles 2, Freemarker, Spring and Hibernate/JPA. 1. Apache Struts 2, Java SE Development Kit, Apache Tomcat 2. Eclipse IDE for Java EE Developers, Struts 2 tags 3. Model-View-Controller (MVC), Object-Graph Navigation Language (OGNL) 4. The Spring framework, Hibernate + Microsoft SQL Server 5. JUnit + MySQL 6. Tiles + Oracle, Oracle SQL Developer 7. CRUD, i18n Any suggestions or critiques are welcome. http://www.onepd.com -- View this message in context: http://www.nabble.com/Step-by-Step-Struts-2-tutorial-tp21117038p21117038.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: JAAS struts 2 Tutorial?
Better a late replay than none at all :) Is JAAS the best way to go, or there are better alternates? 'JAAS' encompasses a lot of stuff, so it depends what you are trying to do... Let me assume for the minute that you are talking about login/authentication... In this case, it depends whether you need your user to be authenticated to your J2EE container or not. (If for example you want to control authorisation to any EJBs that you call via their deployment descriptor, then you will need to be authenticated to the container ) JAAS will give you this, but unfortunately will require you to write a server specific LoginModule for every server you need to support. If, however, you don't need this, then something like Acegi (http://www.acegisecurity.org/) will give you a more portable solution cheers Perryn -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Muhammad Momin Rashid Sent: Wednesday, 12 September 2007 7:32 PM To: user@struts.apache.org Subject: JAAS struts 2 Tutorial? Hello Everyone, I am looking for a tutorial for integrating JAAS into my Struts 2 + Hibernate Application. Can anyone point me to the right resources? Is JAAS the best way to go, or there are better alternates? If anyone thinks there are better alternates, can you provide me with the links to relevant tutorials? Regards, Muhammad Momin Rashid. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail and any attachments to it (the Communication) is, unless otherwise stated, confidential, may contain copyright material and is for the use only of the intended recipient. If you receive the Communication in error, please notify the sender immediately by return e-mail, delete the Communication and the return e-mail, and do not read, copy, retransmit or otherwise deal with it. Any views expressed in the Communication are those of the individual sender only, unless expressly stated to be those of Australia and New Zealand Banking Group Limited ABN 11 005 357 522, or any of its related entities including ANZ National Bank Limited (together ANZ). ANZ does not accept liability in connection with the integrity of or errors in the Communication, computer virus, data corruption, interference or delay arising from or in respect of the Communication. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
In the web app I'm currently developing (which uses JAAS authentication), I've done the following: 1) Create an HttpServletRequestWrapper to override the isUserInRole method 2) Create an AnnotationRoles class to annotate my actions if they require particular roles 3) Create an AnnotationRolesInterceptor (as described in this forum) to determine if the user has the role required by the annotation What are the advantages of using acegi over this custom implementation? And what is the license model of acegi? Ian Roughley wrote: If you are not using container managed persistence, where the HttpRequest values are being set in the environment, you probably don't want to use the Principal or PrincipalAware interface, or even to wrap the HttpServletRequest (this email was in response to using a servlet wrapper to re-implement code already present in s2). Options I've used are creating an interceptor to access the security context (I've not used JAAS personally), and then create an annotation to signify actions/methods that need security information assigned to them. The same annotation, or another, could also be used to declaratively configure those actions that require a specific role from the security context in order to be invoked. /Ian Chris Pratt wrote: On 9/18/07, Ian Roughley [EMAIL PROTECTED] wrote: By implementing the PrincipalAware interface, the Principal object will be injected into the action with those values from the request (the user, roles, etc.). The values can be be used in the action, or the Principal can be exposed with a setter for the actions to use. But if you don't use Container Managed Authentication, how do you get the Principal into the request so that PrincipalAware can inject it, without using a ServletFilter? (*Chris*) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/JAAS-struts-2-Tutorial--tf4428234.html#a12858416 Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
You can find the key features of acegi here - http://www.acegisecurity.org/. I see the advantages as being able to customize the authentication and authorization from within the scope of the web application, and not external configuration via an app server. But then, this also depends on the app server. /Ian wild_oscar wrote: In the web app I'm currently developing (which uses JAAS authentication), I've done the following: 1) Create an HttpServletRequestWrapper to override the isUserInRole method 2) Create an AnnotationRoles class to annotate my actions if they require particular roles 3) Create an AnnotationRolesInterceptor (as described in this forum) to determine if the user has the role required by the annotation What are the advantages of using acegi over this custom implementation? And what is the license model of acegi? Ian Roughley wrote: If you are not using container managed persistence, where the HttpRequest values are being set in the environment, you probably don't want to use the Principal or PrincipalAware interface, or even to wrap the HttpServletRequest (this email was in response to using a servlet wrapper to re-implement code already present in s2). Options I've used are creating an interceptor to access the security context (I've not used JAAS personally), and then create an annotation to signify actions/methods that need security information assigned to them. The same annotation, or another, could also be used to declaratively configure those actions that require a specific role from the security context in order to be invoked. /Ian Chris Pratt wrote: On 9/18/07, Ian Roughley [EMAIL PROTECTED] wrote: By implementing the PrincipalAware interface, the Principal object will be injected into the action with those values from the request (the user, roles, etc.). The values can be be used in the action, or the Principal can be exposed with a setter for the actions to use. But if you don't use Container Managed Authentication, how do you get the Principal into the request so that PrincipalAware can inject it, without using a ServletFilter? (*Chris*) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
Hi all, I think this is a generic problem rather than something Struts 2 specific. Ideally in this situation you would want to be able to access getRemoteUser() and isUserInRole() from the request. One approach is to use your application servers' container managed security, e.g. Tomcat JAASRealm. Alternatively, the best way I can come up with is by extending HttpServletRequestWrapper so that you can perform a setUserPrincipal(), setRemoteUser() (etc.) and then wrapping the request with your HttpServletRequestWrapper inside a ServletFilter. Here is a VERY simple example that I wrote of such a filter which sets up a user called test using this idea. https://bmarks-portlet.svn.sourceforge.net/svnroot/bmarks-portlet/bmarks-portlet/trunk/src/main/java/uk/ac/bris/portlet/bookmarks/web/SimpleAuthFilter.java However, since this relies on a ServletFilter you will require a slightly different mechanism for portlets. Mark On 9/17/07, Eugen Stoianovici [EMAIL PROTECTED] wrote: I would like a tutorial on integrating jaas in struts2 too. Or rather than a tutorial, i would like to see some working code. I've done a lot of reading (i'm new to java web applications, it's been only a month since i've started) and i have some understanding on how this should work but i just can't picture it yet in a real app. I know I'm not being helpful here, sorry. But if anyone wants to write a tutorial on this, it would be greatly appreciated regards Eugen Stoianovici Muhammad Momin Rashid wrote: Hello Tom, Thanks for your continued input. The application isn't simple, it is a J2EE application which will serve a large number of users (users will be using Web Browser or Mobile Device to access the application). Based on the help I got on this list, I have been successful in setting up JAAS and authenticating the user. Now I am just not sure if the user credentials are being kept. Following is the code I wrote which processes the user's login. Can you see what I am missing? I have placed the following code in the execute method of my action, perhaps it isn't the right place? Subject subject; Set principalList; String returnValue = SUCCESS; try { SecurityAssociationHandler handler = new SecurityAssociationHandler(); SimplePrincipal user = new SimplePrincipal(username); handler.setSecurityInfo(user, password.toCharArray()); LoginContext loginContext = new LoginContext(ContentPlatform, (CallbackHandler) handler); loginContext.login(); subject = loginContext.getSubject(); principalList = subject.getPrincipals(); principalList.add(user); System.out.println(o0o0o subject: + subject); System.out.println(o0o0o principle: + principalList); } catch (LoginException e) { e.printStackTrace(); returnValue = ERROR; } return returnValue; Regards, Muhammad Momin Rashid. tom tom wrote: If it's simple application, you dont need JAAS, You can do it via just session management isnt it? You might need user, role, user-role threee tables on database thats it :) If you are using Application server like Jboss, the server itself got inbuilt features, which is altogether a different discussion. If the application is simple, do not make it complicated, we use JASS with CAS central authentication service which provided SSO features. hope this helps --- Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello tom, I am building a J2EE application, that is going to be viewed using Web Browser and Mobile Devices. I am trying to implement security so that only a logged in user with the correct role can access the different parts of the application e.g. a non-logged in user can only access the public information, a logged in user can access his private data, and an logged in admin user can access the admin console. Regards, Muhammad Momin Rashid. tom tom wrote: what exactly you are trying to do? --- Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello Everyone, I am looking for a tutorial for integrating JAAS into my Struts 2 + Hibernate Application. Can anyone point me to the right resources? Is JAAS the best way to go, or there are better alternates? If anyone thinks there are better alternates, can you provide me with the links to relevant tutorials? Regards, Muhammad Momin Rashid. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search http://search.yahoo.com/search?fr=oni_on_mailp=graduation+giftscs=bz
Re: JAAS struts 2 Tutorial?
On 9/18/07, Ian Roughley [EMAIL PROTECTED] wrote: By implementing the PrincipalAware interface, the Principal object will be injected into the action with those values from the request (the user, roles, etc.). The values can be be used in the action, or the Principal can be exposed with a setter for the actions to use. But if you don't use Container Managed Authentication, how do you get the Principal into the request so that PrincipalAware can inject it, without using a ServletFilter? (*Chris*) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
By implementing the PrincipalAware interface, the Principal object will be injected into the action with those values from the request (the user, roles, etc.). The values can be be used in the action, or the Principal can be exposed with a setter for the actions to use. /Ian Mark McLaren wrote: Hi all, I think this is a generic problem rather than something Struts 2 specific. Ideally in this situation you would want to be able to access getRemoteUser() and isUserInRole() from the request. One approach is to use your application servers' container managed security, e.g. Tomcat JAASRealm. Alternatively, the best way I can come up with is by extending HttpServletRequestWrapper so that you can perform a setUserPrincipal(), setRemoteUser() (etc.) and then wrapping the request with your HttpServletRequestWrapper inside a ServletFilter. Here is a VERY simple example that I wrote of such a filter which sets up a user called test using this idea. https://bmarks-portlet.svn.sourceforge.net/svnroot/bmarks-portlet/bmarks-portlet/trunk/src/main/java/uk/ac/bris/portlet/bookmarks/web/SimpleAuthFilter.java However, since this relies on a ServletFilter you will require a slightly different mechanism for portlets. Mark On 9/17/07, Eugen Stoianovici [EMAIL PROTECTED] wrote: I would like a tutorial on integrating jaas in struts2 too. Or rather than a tutorial, i would like to see some working code. I've done a lot of reading (i'm new to java web applications, it's been only a month since i've started) and i have some understanding on how this should work but i just can't picture it yet in a real app. I know I'm not being helpful here, sorry. But if anyone wants to write a tutorial on this, it would be greatly appreciated regards Eugen Stoianovici Muhammad Momin Rashid wrote: Hello Tom, Thanks for your continued input. The application isn't simple, it is a J2EE application which will serve a large number of users (users will be using Web Browser or Mobile Device to access the application). Based on the help I got on this list, I have been successful in setting up JAAS and authenticating the user. Now I am just not sure if the user credentials are being kept. Following is the code I wrote which processes the user's login. Can you see what I am missing? I have placed the following code in the execute method of my action, perhaps it isn't the right place? Subject subject; Set principalList; String returnValue = SUCCESS; try { SecurityAssociationHandler handler = new SecurityAssociationHandler(); SimplePrincipal user = new SimplePrincipal(username); handler.setSecurityInfo(user, password.toCharArray()); LoginContext loginContext = new LoginContext(ContentPlatform, (CallbackHandler) handler); loginContext.login(); subject = loginContext.getSubject(); principalList = subject.getPrincipals(); principalList.add(user); System.out.println(o0o0o subject: + subject); System.out.println(o0o0o principle: + principalList); } catch (LoginException e) { e.printStackTrace(); returnValue = ERROR; } return returnValue; Regards, Muhammad Momin Rashid. tom tom wrote: If it's simple application, you dont need JAAS, You can do it via just session management isnt it? You might need user, role, user-role threee tables on database thats it :) If you are using Application server like Jboss, the server itself got inbuilt features, which is altogether a different discussion. If the application is simple, do not make it complicated, we use JASS with CAS central authentication service which provided SSO features. hope this helps --- Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello tom, I am building a J2EE application, that is going to be viewed using Web Browser and Mobile Devices. I am trying to implement security so that only a logged in user with the correct role can access the different parts of the application e.g. a non-logged in user can only access the public information, a logged in user can access his private data, and an logged in admin user can access the admin console. Regards, Muhammad Momin Rashid. tom tom wrote: what exactly you are trying to do? --- Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello Everyone, I am looking for a tutorial for integrating JAAS into my Struts 2 + Hibernate Application. Can anyone point me to the right resources? Is JAAS the best way to go, or there are better alternates? If anyone thinks there are better alternates, can you provide me with the links to relevant tutorials? Regards, Muhammad Momin Rashid. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Struts 2 tutorial
I'm trying to follow along the Struts 2 tutorial. The HelloWorld.java file starts this way: package tutorial; import com.opensymphony.xwork2.ActionSupport; public class HelloWorld extends ActionSupport { What's with com.opensymphony.xwork2.ActionSupport? I don't see anything like that in the Struts 2.0.9 package I downloaded. Did I miss something? -- Tim Slattery [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Struts 2 tutorial
It is in the xwork jar file. It comes with any of the struts apps (struts2-blank, struts2-showcase). Struts2 is heavily based on WebWork, which uses xwork. I am not sure if this will be re-factored out. -Wes -Original Message- From: Slattery, Tim - BLS [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 18, 2007 2:22 PM To: Struts Users Mailing List Subject: Struts 2 tutorial I'm trying to follow along the Struts 2 tutorial. The HelloWorld.java file starts this way: package tutorial; import com.opensymphony.xwork2.ActionSupport; public class HelloWorld extends ActionSupport { What's with com.opensymphony.xwork2.ActionSupport? I don't see anything like that in the Struts 2.0.9 package I downloaded. Did I miss something? -- Tim Slattery [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
If you are not using container managed persistence, where the HttpRequest values are being set in the environment, you probably don't want to use the Principal or PrincipalAware interface, or even to wrap the HttpServletRequest (this email was in response to using a servlet wrapper to re-implement code already present in s2). Options I've used are creating an interceptor to access the security context (I've not used JAAS personally), and then create an annotation to signify actions/methods that need security information assigned to them. The same annotation, or another, could also be used to declaratively configure those actions that require a specific role from the security context in order to be invoked. /Ian Chris Pratt wrote: On 9/18/07, Ian Roughley [EMAIL PROTECTED] wrote: By implementing the PrincipalAware interface, the Principal object will be injected into the action with those values from the request (the user, roles, etc.). The values can be be used in the action, or the Principal can be exposed with a setter for the actions to use. But if you don't use Container Managed Authentication, how do you get the Principal into the request so that PrincipalAware can inject it, without using a ServletFilter? (*Chris*) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Struts 2 tutorial
--- Wesley Wannemacher [EMAIL PROTECTED] wrote: Struts2 is heavily based on WebWork, which uses xwork. I am not sure if this will be re-factored out. Almost everything in S2 *is* XWork; I don't see how (or why) it would or could be refactored out. d. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
Hello Tom, Thanks for your continued input. The application isn't simple, it is a J2EE application which will serve a large number of users (users will be using Web Browser or Mobile Device to access the application). Based on the help I got on this list, I have been successful in setting up JAAS and authenticating the user. Now I am just not sure if the user credentials are being kept. Following is the code I wrote which processes the user's login. Can you see what I am missing? I have placed the following code in the execute method of my action, perhaps it isn't the right place? Subject subject; Set principalList; String returnValue = SUCCESS; try { SecurityAssociationHandler handler = new SecurityAssociationHandler(); SimplePrincipal user = new SimplePrincipal(username); handler.setSecurityInfo(user, password.toCharArray()); LoginContext loginContext = new LoginContext(ContentPlatform, (CallbackHandler) handler); loginContext.login(); subject = loginContext.getSubject(); principalList = subject.getPrincipals(); principalList.add(user); System.out.println(o0o0o subject: + subject); System.out.println(o0o0o principle: + principalList); } catch (LoginException e) { e.printStackTrace(); returnValue = ERROR; } return returnValue; Regards, Muhammad Momin Rashid. tom tom wrote: If it's simple application, you dont need JAAS, You can do it via just session management isnt it? You might need user, role, user-role threee tables on database thats it :) If you are using Application server like Jboss, the server itself got inbuilt features, which is altogether a different discussion. If the application is simple, do not make it complicated, we use JASS with CAS central authentication service which provided SSO features. hope this helps --- Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello tom, I am building a J2EE application, that is going to be viewed using Web Browser and Mobile Devices. I am trying to implement security so that only a logged in user with the correct role can access the different parts of the application e.g. a non-logged in user can only access the public information, a logged in user can access his private data, and an logged in admin user can access the admin console. Regards, Muhammad Momin Rashid. tom tom wrote: what exactly you are trying to do? --- Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello Everyone, I am looking for a tutorial for integrating JAAS into my Struts 2 + Hibernate Application. Can anyone point me to the right resources? Is JAAS the best way to go, or there are better alternates? If anyone thinks there are better alternates, can you provide me with the links to relevant tutorials? Regards, Muhammad Momin Rashid. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search http://search.yahoo.com/search?fr=oni_on_mailp=graduation+giftscs=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=listsid=396545469 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
I would like a tutorial on integrating jaas in struts2 too. Or rather than a tutorial, i would like to see some working code. I've done a lot of reading (i'm new to java web applications, it's been only a month since i've started) and i have some understanding on how this should work but i just can't picture it yet in a real app. I know I'm not being helpful here, sorry. But if anyone wants to write a tutorial on this, it would be greatly appreciated regards Eugen Stoianovici Muhammad Momin Rashid wrote: Hello Tom, Thanks for your continued input. The application isn't simple, it is a J2EE application which will serve a large number of users (users will be using Web Browser or Mobile Device to access the application). Based on the help I got on this list, I have been successful in setting up JAAS and authenticating the user. Now I am just not sure if the user credentials are being kept. Following is the code I wrote which processes the user's login. Can you see what I am missing? I have placed the following code in the execute method of my action, perhaps it isn't the right place? Subject subject; Set principalList; String returnValue = SUCCESS; try { SecurityAssociationHandler handler = new SecurityAssociationHandler(); SimplePrincipal user = new SimplePrincipal(username); handler.setSecurityInfo(user, password.toCharArray()); LoginContext loginContext = new LoginContext(ContentPlatform, (CallbackHandler) handler); loginContext.login(); subject = loginContext.getSubject(); principalList = subject.getPrincipals(); principalList.add(user); System.out.println(o0o0o subject: + subject); System.out.println(o0o0o principle: + principalList); } catch (LoginException e) { e.printStackTrace(); returnValue = ERROR; } return returnValue; Regards, Muhammad Momin Rashid. tom tom wrote: If it's simple application, you dont need JAAS, You can do it via just session management isnt it? You might need user, role, user-role threee tables on database thats it :) If you are using Application server like Jboss, the server itself got inbuilt features, which is altogether a different discussion. If the application is simple, do not make it complicated, we use JASS with CAS central authentication service which provided SSO features. hope this helps --- Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello tom, I am building a J2EE application, that is going to be viewed using Web Browser and Mobile Devices. I am trying to implement security so that only a logged in user with the correct role can access the different parts of the application e.g. a non-logged in user can only access the public information, a logged in user can access his private data, and an logged in admin user can access the admin console. Regards, Muhammad Momin Rashid. tom tom wrote: what exactly you are trying to do? --- Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello Everyone, I am looking for a tutorial for integrating JAAS into my Struts 2 + Hibernate Application. Can anyone point me to the right resources? Is JAAS the best way to go, or there are better alternates? If anyone thinks there are better alternates, can you provide me with the links to relevant tutorials? Regards, Muhammad Momin Rashid. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search http://search.yahoo.com/search?fr=oni_on_mailp=graduation+giftscs=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=listsid=396545469 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
If it's simple application, you dont need JAAS, You can do it via just session management isnt it? You might need user, role, user-role threee tables on database thats it :) If you are using Application server like Jboss, the server itself got inbuilt features, which is altogether a different discussion. If the application is simple, do not make it complicated, we use JASS with CAS central authentication service which provided SSO features. hope this helps --- Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello tom, I am building a J2EE application, that is going to be viewed using Web Browser and Mobile Devices. I am trying to implement security so that only a logged in user with the correct role can access the different parts of the application e.g. a non-logged in user can only access the public information, a logged in user can access his private data, and an logged in admin user can access the admin console. Regards, Muhammad Momin Rashid. tom tom wrote: what exactly you are trying to do? --- Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello Everyone, I am looking for a tutorial for integrating JAAS into my Struts 2 + Hibernate Application. Can anyone point me to the right resources? Is JAAS the best way to go, or there are better alternates? If anyone thinks there are better alternates, can you provide me with the links to relevant tutorials? Regards, Muhammad Momin Rashid. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search http://search.yahoo.com/search?fr=oni_on_mailp=graduation+giftscs=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=listsid=396545469 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
Hello tom, I am building a J2EE application, that is going to be viewed using Web Browser and Mobile Devices. I am trying to implement security so that only a logged in user with the correct role can access the different parts of the application e.g. a non-logged in user can only access the public information, a logged in user can access his private data, and an logged in admin user can access the admin console. Regards, Muhammad Momin Rashid. tom tom wrote: what exactly you are trying to do? --- Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello Everyone, I am looking for a tutorial for integrating JAAS into my Struts 2 + Hibernate Application. Can anyone point me to the right resources? Is JAAS the best way to go, or there are better alternates? If anyone thinks there are better alternates, can you provide me with the links to relevant tutorials? Regards, Muhammad Momin Rashid. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search http://search.yahoo.com/search?fr=oni_on_mailp=graduation+giftscs=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JAAS struts 2 Tutorial?
Hello Everyone, I am looking for a tutorial for integrating JAAS into my Struts 2 + Hibernate Application. Can anyone point me to the right resources? Is JAAS the best way to go, or there are better alternates? If anyone thinks there are better alternates, can you provide me with the links to relevant tutorials? Regards, Muhammad Momin Rashid. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
Hi Muhammad, With respect to JAAS integration. Do you mean something like this? http://struts.apache.org/2.x/docs/how-do-i-obtain-security-details-jaas.html I'm new to Struts 2 but I would imagine you probably want an interceptor of some kind (RolesInterceptor, PrincipalAware etc.) to pass your authentication and authorization details into your Struts Actions. As regards Hibernate integration, I would imagine your best option would be to inject your Hibernate Data Access Object (DAO) into your Struts 2 application using Spring (or something like it, e.g. Guice). If you write your application following the usual IoC best practices you will end up with an application where it should be easy to replace Hibernate with something else (e.g. TopLink, iBATIS, JDBC[Template]). You should then be able to test this code away from the web and reuse it elsewhere. http://static.springframework.org/spring/docs/2.0.x/reference/orm.html#orm-hibernate http://struts.apache.org/2.0.9/docs/spring-plugin.html Alternatively here is an example of writing a Hibernate Aware Struts 2 Action. http://www.hibernate.org/51.html HTH Mark On 9/12/07, Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello Everyone, I am looking for a tutorial for integrating JAAS into my Struts 2 + Hibernate Application. Can anyone point me to the right resources? Is JAAS the best way to go, or there are better alternates? If anyone thinks there are better alternates, can you provide me with the links to relevant tutorials? Regards, Muhammad Momin Rashid. -- Paradoxically, the more time saving abstractions you are using the more you actually have to know. - Simon Willison - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
Hello Mark, Thanks for your response. Actually I am writing a Web Application from Scratch, using Struts 2 and Hibernate. I need to implement security so that only authorised User can access the desired pages. The user names, passwords and their roles are stored in the database. I am looking for a tutorial that can guide me through implementation of JAAS based security for my web application. I am starting from scratch here. Regards, Muhammad Momin Rashid. Mark McLaren wrote: Hi Muhammad, With respect to JAAS integration. Do you mean something like this? http://struts.apache.org/2.x/docs/how-do-i-obtain-security-details-jaas.html I'm new to Struts 2 but I would imagine you probably want an interceptor of some kind (RolesInterceptor, PrincipalAware etc.) to pass your authentication and authorization details into your Struts Actions. As regards Hibernate integration, I would imagine your best option would be to inject your Hibernate Data Access Object (DAO) into your Struts 2 application using Spring (or something like it, e.g. Guice). If you write your application following the usual IoC best practices you will end up with an application where it should be easy to replace Hibernate with something else (e.g. TopLink, iBATIS, JDBC[Template]). You should then be able to test this code away from the web and reuse it elsewhere. http://static.springframework.org/spring/docs/2.0.x/reference/orm.html#orm-hibernate http://struts.apache.org/2.0.9/docs/spring-plugin.html Alternatively here is an example of writing a Hibernate Aware Struts 2 Action. http://www.hibernate.org/51.html HTH Mark On 9/12/07, Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello Everyone, I am looking for a tutorial for integrating JAAS into my Struts 2 + Hibernate Application. Can anyone point me to the right resources? Is JAAS the best way to go, or there are better alternates? If anyone thinks there are better alternates, can you provide me with the links to relevant tutorials? Regards, Muhammad Momin Rashid. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
Muhammad, Starting out from scratch should you use JAAS? I'm not a JAAS expert (I tend to use JASIG CAS which uses JAAS internally and SecurityFilter) but I imagine it all depends on your circumstances. From what I can gather if you need to reuse the exact same login mechanism for desktop applications, command line applications, applets, web applications and such then it is probably worth the effort to create a JAAS LoginModule and configure your web application to use that. Granted JAAS is a standard mechanism but it looks like it can be a complex mechanism at times. If your application is only ever going to be a web application then you are probably justified in producing a simpler homegrown solution (at least to start with). The example below shows one way to create a Struts 2 login interceptor using Spring. http://www.vitarara.org/cms/struts_2_cookbook/creating_a_login_interceptor In the example above the actual authentication is conducted by a Spring bean (securityManager). Using Spring's JDBCTemplates, LDAPTemplates, HibernateTemplate it is fairly simple to create beans that access various datasources in various ways. It would also be easy enough to extend the securityManager to access role information. Of course you can always access your JAAS login module via your Spring bean a later date if you so choose. HTH Mark On 9/12/07, Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello Mark, Thanks for your response. Actually I am writing a Web Application from Scratch, using Struts 2 and Hibernate. I need to implement security so that only authorised User can access the desired pages. The user names, passwords and their roles are stored in the database. I am looking for a tutorial that can guide me through implementation of JAAS based security for my web application. I am starting from scratch here. Regards, Muhammad Momin Rashid. -- Paradoxically, the more time saving abstractions you are using the more you actually have to know. - Simon Willison - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
Hi Muhammad, Try searching my messages chronologically and you'll get plenty to start with! Muhammad Momin Rashid-2 wrote: Hello Everyone, I am looking for a tutorial for integrating JAAS into my Struts 2 + Hibernate Application. Can anyone point me to the right resources? Is JAAS the best way to go, or there are better alternates? If anyone thinks there are better alternates, can you provide me with the links to relevant tutorials? Regards, Muhammad Momin Rashid. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/JAAS-struts-2-Tutorial--tf4428234.html#a12639734 Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS struts 2 Tutorial?
what exactly you are trying to do? --- Muhammad Momin Rashid [EMAIL PROTECTED] wrote: Hello Everyone, I am looking for a tutorial for integrating JAAS into my Struts 2 + Hibernate Application. Can anyone point me to the right resources? Is JAAS the best way to go, or there are better alternates? If anyone thinks there are better alternates, can you provide me with the links to relevant tutorials? Regards, Muhammad Momin Rashid. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search http://search.yahoo.com/search?fr=oni_on_mailp=graduation+giftscs=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Excellent Struts 2 Tutorial
I added the link. To edit the Struts 2 documentation site directly, one needs to first file a Contributors License Agreement, and then we can add the Confluence account to the appropriate group. * http://cwiki.apache.org/confluence/display/WW/Editing+the+Documentation HTH, Ted http://www.husted.com/ted/blog/ On 7/3/07, Wesley Wannemacher [EMAIL PROTECTED] wrote: Sweet! I appreciate it! -Wes -Original Message- From: Musachy Barroso [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 03, 2007 3:22 PM To: Struts Users Mailing List Subject: Re: Excellent Struts 2 Tutorial Adding a link here will help people find it ;) http://struts.apache.org/2.x/docs/tutorials.html musachy On 7/3/07, Wesley Wannemacher [EMAIL PROTECTED] wrote: It's funny that you mention this, I just finished a set of articles on Struts2. I would appreciate feedback if you don't mind reading it... Hopefully I can help out some newbs. http://www.wantii.com/wordpress/?cat=3 -Wes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 03, 2007 1:14 PM To: Struts Users Mailing List Subject: Excellent Struts 2 Tutorial Guys -- After reading about everything I could get my hands on and looping through the code-build-deploy-try cycle until dizzy, I decided to drop $29.00 on the comprehensive S2 tutorial available at ArcTechhttp://www.arctechsoftware.com/tutorial/ The tutorial was clearly designed with the developer in mind. For instance, when you reach a place where you need to make changes to a seemingly unrelated bit of configuration, rather than leave you hanging, the author ties the pieces together right then and there. When snapping so many technologies together (Struts, Spring, Hibernate, Database, Server, Transactions, etc.) it's easy to leave the reader hanging in an ambiguous state. Not only does the author use a complete application, but he also provides actual support! That's right -- support! After studying his technique, I set off to develop a proof of concept Struts 2 application for my employer. Naturally, I had a few misunderstandings right out of the gate. I figured, having paid real money for this tutorial, perhaps I get get the tutorial company to throw me a clue as to why my code wasn't working quite right. After sending them several configuration files (on a Sunday afternoon nonetheless) I received an email with the lines of code that were wrong. I had the application running before the evening news! I know many of you are struggling just like I was with all the puzzle pieces that are Struts 2. If your time is worth minimum wage, you owe it to yourself to drop the $29.00 bucks for this tutorial and hit the ground running! -- Scott [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Excellent Struts 2 Tutorial
Guys -- After reading about everything I could get my hands on and looping through the code-build-deploy-try cycle until dizzy, I decided to drop $29.00 on the comprehensive S2 tutorial available at ArcTechhttp://www.arctechsoftware.com/tutorial/ The tutorial was clearly designed with the developer in mind. For instance, when you reach a place where you need to make changes to a seemingly unrelated bit of configuration, rather than leave you hanging, the author ties the pieces together right then and there. When snapping so many technologies together (Struts, Spring, Hibernate, Database, Server, Transactions, etc.) it's easy to leave the reader hanging in an ambiguous state. Not only does the author use a complete application, but he also provides actual support! That's right -- support! After studying his technique, I set off to develop a proof of concept Struts 2 application for my employer. Naturally, I had a few misunderstandings right out of the gate. I figured, having paid real money for this tutorial, perhaps I get get the tutorial company to throw me a clue as to why my code wasn't working quite right. After sending them several configuration files (on a Sunday afternoon nonetheless) I received an email with the lines of code that were wrong. I had the application running before the evening news! I know many of you are struggling just like I was with all the puzzle pieces that are Struts 2. If your time is worth minimum wage, you owe it to yourself to drop the $29.00 bucks for this tutorial and hit the ground running! -- Scott [EMAIL PROTECTED]
RE: Excellent Struts 2 Tutorial
It's funny that you mention this, I just finished a set of articles on Struts2. I would appreciate feedback if you don't mind reading it... Hopefully I can help out some newbs. http://www.wantii.com/wordpress/?cat=3 -Wes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 03, 2007 1:14 PM To: Struts Users Mailing List Subject: Excellent Struts 2 Tutorial Guys -- After reading about everything I could get my hands on and looping through the code-build-deploy-try cycle until dizzy, I decided to drop $29.00 on the comprehensive S2 tutorial available at ArcTechhttp://www.arctechsoftware.com/tutorial/ The tutorial was clearly designed with the developer in mind. For instance, when you reach a place where you need to make changes to a seemingly unrelated bit of configuration, rather than leave you hanging, the author ties the pieces together right then and there. When snapping so many technologies together (Struts, Spring, Hibernate, Database, Server, Transactions, etc.) it's easy to leave the reader hanging in an ambiguous state. Not only does the author use a complete application, but he also provides actual support! That's right -- support! After studying his technique, I set off to develop a proof of concept Struts 2 application for my employer. Naturally, I had a few misunderstandings right out of the gate. I figured, having paid real money for this tutorial, perhaps I get get the tutorial company to throw me a clue as to why my code wasn't working quite right. After sending them several configuration files (on a Sunday afternoon nonetheless) I received an email with the lines of code that were wrong. I had the application running before the evening news! I know many of you are struggling just like I was with all the puzzle pieces that are Struts 2. If your time is worth minimum wage, you owe it to yourself to drop the $29.00 bucks for this tutorial and hit the ground running! -- Scott [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Excellent Struts 2 Tutorial
Adding a link here will help people find it ;) http://struts.apache.org/2.x/docs/tutorials.html musachy On 7/3/07, Wesley Wannemacher [EMAIL PROTECTED] wrote: It's funny that you mention this, I just finished a set of articles on Struts2. I would appreciate feedback if you don't mind reading it... Hopefully I can help out some newbs. http://www.wantii.com/wordpress/?cat=3 -Wes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 03, 2007 1:14 PM To: Struts Users Mailing List Subject: Excellent Struts 2 Tutorial Guys -- After reading about everything I could get my hands on and looping through the code-build-deploy-try cycle until dizzy, I decided to drop $29.00 on the comprehensive S2 tutorial available at ArcTechhttp://www.arctechsoftware.com/tutorial/ The tutorial was clearly designed with the developer in mind. For instance, when you reach a place where you need to make changes to a seemingly unrelated bit of configuration, rather than leave you hanging, the author ties the pieces together right then and there. When snapping so many technologies together (Struts, Spring, Hibernate, Database, Server, Transactions, etc.) it's easy to leave the reader hanging in an ambiguous state. Not only does the author use a complete application, but he also provides actual support! That's right -- support! After studying his technique, I set off to develop a proof of concept Struts 2 application for my employer. Naturally, I had a few misunderstandings right out of the gate. I figured, having paid real money for this tutorial, perhaps I get get the tutorial company to throw me a clue as to why my code wasn't working quite right. After sending them several configuration files (on a Sunday afternoon nonetheless) I received an email with the lines of code that were wrong. I had the application running before the evening news! I know many of you are struggling just like I was with all the puzzle pieces that are Struts 2. If your time is worth minimum wage, you owe it to yourself to drop the $29.00 bucks for this tutorial and hit the ground running! -- Scott [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Hey you! Would you help me to carry the stone? Pink Floyd
RE: Excellent Struts 2 Tutorial
Sweet! I appreciate it! -Wes -Original Message- From: Musachy Barroso [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 03, 2007 3:22 PM To: Struts Users Mailing List Subject: Re: Excellent Struts 2 Tutorial Adding a link here will help people find it ;) http://struts.apache.org/2.x/docs/tutorials.html musachy On 7/3/07, Wesley Wannemacher [EMAIL PROTECTED] wrote: It's funny that you mention this, I just finished a set of articles on Struts2. I would appreciate feedback if you don't mind reading it... Hopefully I can help out some newbs. http://www.wantii.com/wordpress/?cat=3 -Wes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 03, 2007 1:14 PM To: Struts Users Mailing List Subject: Excellent Struts 2 Tutorial Guys -- After reading about everything I could get my hands on and looping through the code-build-deploy-try cycle until dizzy, I decided to drop $29.00 on the comprehensive S2 tutorial available at ArcTechhttp://www.arctechsoftware.com/tutorial/ The tutorial was clearly designed with the developer in mind. For instance, when you reach a place where you need to make changes to a seemingly unrelated bit of configuration, rather than leave you hanging, the author ties the pieces together right then and there. When snapping so many technologies together (Struts, Spring, Hibernate, Database, Server, Transactions, etc.) it's easy to leave the reader hanging in an ambiguous state. Not only does the author use a complete application, but he also provides actual support! That's right -- support! After studying his technique, I set off to develop a proof of concept Struts 2 application for my employer. Naturally, I had a few misunderstandings right out of the gate. I figured, having paid real money for this tutorial, perhaps I get get the tutorial company to throw me a clue as to why my code wasn't working quite right. After sending them several configuration files (on a Sunday afternoon nonetheless) I received an email with the lines of code that were wrong. I had the application running before the evening news! I know many of you are struggling just like I was with all the puzzle pieces that are Struts 2. If your time is worth minimum wage, you owe it to yourself to drop the $29.00 bucks for this tutorial and hit the ground running! -- Scott [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Hey you! Would you help me to carry the stone? Pink Floyd - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
struts 2 tutorial and maven question
Hi! I am new to struts, maven etc. I am trying to follow the bootstrap tutorial for struts 2. I used the Maven Archetype to create a new application for the tutorial and everything worked fine except... - when I create the Login-validation.xml in my src/main/java/tutorial directory (where Login.java is), then use use maven to build a war file, it will not pick up the Login-validation.xml file and put it in the target/classes/tutorial directory. However, if I move the Login-validation.xml file to src/main/resources/tutorial...then maven does pick up the Login-validation.xml file and put it in the target/classes/tutorial directory. Can someone tell me * where are we supposed to keep the xxx-validation.xml files? * if they are supposed to be in the same directory as the java action classes, then what do I need to do to the default pom.xml file to make maven pick up these files and put them in the appropriate classes subdirectory? Thanks, Cecilia - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]