RE: Question about authentication

> -Original Message- > From: Joe Hertz [mailto:[EMAIL PROTECTED] > Sent: Friday, August 27, 2004 10:01 AM > To: 'Struts Users Mailing List' > Subject: RE: Question about authentication > > > > > > > > THIS IS NOT A TOMCAT OR STRUTS IS

RE: Question about authentication

> > > THIS IS NOT A TOMCAT OR STRUTS ISSUE. THIS IS THE WAY THE > SPEC SAYS TO DO IT. > > Thank you for your time. Don't think I tried implied otherwise. Just that I've only seen how this works on Tomcat and that I wasn't speaking to other containers. But given that it's a spec thing I'm not

RE: Question about authentication

> -Original Message- > From: Joe Hertz [mailto:[EMAIL PROTECTED] > Sent: Friday, August 27, 2004 9:44 AM > To: 'Struts Users Mailing List' > Subject: RE: Question about authentication > > > > > > > My gripe with container managed authentica

RE: Question about authentication

> > > My gripe with container managed authentication for Tomcat > was the inability > > to have a login page I could show the user myself (it > redirected the user to > > one, but showing one yourself wasn't possible). I would > have used it myself > > if it did what I wanted. :-/ > > What's wrong

RE: Question about authentication

> -Original Message- > From: struts Dude [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 26, 2004 7:47 PM > To: Struts Users Mailing List > Subject: Re: Question about authentication > > > > - Original Message - > From: "David Suarez

RE: Question about authentication

> -Original Message- > From: struts Dude [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 26, 2004 7:51 PM > To: Struts Users Mailing List > Subject: Re: Question about authentication > > > > - Original Message - > From: "Emmanouil Batsis

Re: Question about authentication

- Original Message - From: "Joe Hertz" <[EMAIL PROTECTED]> To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]> Sent: Friday, August 27, 2004 3:28 PM Subject: RE: Question about authentication > My gripe with container managed authentica

RE: Question about authentication

For some people the assumption is > their choice of servlet > container being used. > > > -Original Message- > > From: struts Dude [mailto:[EMAIL PROTECTED] > > Sent: Thursday, August 26, 2004 11:16 PM > > To: Struts Users Mailing List > > Subject:

RE: Question about authentication

oice of servlet container being used. > -Original Message- > From: struts Dude [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 26, 2004 11:16 PM > To: Struts Users Mailing List > Subject: Re: Question about authentication > > > Thanks Joe. Geee I wander why someone

Re: Question about authentication

; Sent: Friday, August 27, 2004 3:02 PM Subject: RE: Question about authentication > Take a look at http://www.securityfilter.org > > > Can u show me some links of tutorial on how to authenticate > > users using > > servlet filter?? > > > > I think

RE: Question about authentication

Take a look at http://www.securityfilter.org > Can u show me some links of tutorial on how to authenticate > users using > servlet filter?? > > I think servlet filter may be the most portable way for > authenticating user > since declarative authentication on web.xml is dependent on Tomcat.

Re: Question about authentication

- Original Message - From: "Emmanouil Batsis" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Thursday, August 26, 2004 12:57 AM Subject: Re: Question about authentication > I usually perform complex authentication/a

Re: Question about authentication

- Original Message - From: "David Suarez" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Friday, August 27, 2004 2:35 AM Subject: RE: Question about authentication > My question is, does it really matter? Does it

RE: Question about authentication

jsuarez -Original Message- From: Erik Weber [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 8:25 AM To: Struts Users Mailing List Subject: Re: Question about authentication If your JSPs are in a public document root, there is nothing (necessarily) preventing a user from accessi

RE: Question about authentication

That's my approach too - the JSPs will either break or do nothing if called directly. Pau; > -Original Message- > From: David Suarez [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 26, 2004 2:21 PM > To: Struts Users Mailing List > Subject: RE: Question about auth

Re: Question about authentication

ut. Let me know why you think that this is bad security practice. Regards...djsuarez -Original Message- From: Jim Barrows [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 25, 2004 4:49 PM To: Struts Users Mailing List Subject: RE: Question about authentication -Original Message

RE: Question about authentication

sers Mailing List Subject: RE: Question about authentication > -Original Message- > From: Steven Leija [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 25, 2004 2:15 PM > To: Struts Users Mailing List > Subject: RE: Question about authentication > > > I

Re: Question about authentication

Thanks to all who replied. I can't always count on u guys :D If I really did use the stupid approach on the job, I guess I am going to be fired on the spot. ;D Regards - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional

RE: Question about authentication

> -Original Message- > From: Steven Leija [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 25, 2004 2:15 PM > To: Struts Users Mailing List > Subject: RE: Question about authentication > > > I'm currently running into the same situation. If you added

Re: Question about authentication

noAccess *.jsp Erik Steven Leija wrote: I'm currently running into the same situation. If you added to your web-inf directory. Do you just create a dir called "jsp"? and treat that as your root? Is there any sort of special path or configuration needed for this? I'm using Tomc

RE: Question about authentication

I'm currently running into the same situation. If you added to your web-inf directory. Do you just create a dir called "jsp"? and treat that as your root? Is there any sort of special path or configuration needed for this? I'm using Tomcat 5.0. Thanks, Steven > Hi > I am going to use

RE: Question about authentication

> -Original Message- > From: struts Dude [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 25, 2004 5:50 AM > To: Struts Users Mailing List > Subject: Question about authentication > > > Hi > I am going to use custom tags for checking > access to Jsp, i

Re: Question about authentication

Hi, I'm fairly new to Struts, so if I'm wrong here, I hope the more experienced will correct me. If you extend the 'org.apache.struts.action.RequestProcessor' (or the 'org.apache.struts.tiles.TilesRequestProcessor' if you're using Tiles), then you can simply override the 'processPreprocess(.

Re: Question about authentication

I usually perform complex authentication/authorization related checks in a servlet filter and attach the results in simpler forms (i.e. boolean objects) in the request for actions to access. IMHO such checks should not exist in the JSP pages, even if performed by taglibs; a JSP page should not

Question about authentication

Hi I am going to use custom tags for checking access to Jsp, if no user/bean bean in session, then direct to login page. And I am also going to check admin bean again in Action before invoking life cycle methods on business beans. Now am I over kill with authentication?? I mean, if all JSP page