2009/3/11 Ashish Kulkarni :
> HiI was able to configure LDAP to do authentication, but how do i use
> UserDetailsService,
> is there any example of how to use this and implement it in my project to
> get user and role from DB2 database
I did that like this, extended DefaultLdapAuthoritiesPopulator
On Wed, Mar 11, 2009 at 3:23 PM, Ashish Kulkarni
wrote:
> HiI was able to configure LDAP to do authentication, but how do i use
> UserDetailsService,
> is there any example of how to use this and implement it in my project to
> get user and role from DB2 database
>
>
UserDetailsService is an inte
ot;petshop"
>> tutorial
>> page got me going.
>>
>> -Original Message-
>> From: Ashish Kulkarni [mailto:ashish.kulkarn...@gmail.com]
>> Sent: Wednesday, March 11, 2009 9:53 AM
>> To: Struts Users Mailing List
>> Subject: Re: [OT] Authorization and Authe
ing.
>
> -Original Message-
> From: Ashish Kulkarni [mailto:ashish.kulkarn...@gmail.com]
> Sent: Wednesday, March 11, 2009 9:53 AM
> To: Struts Users Mailing List
> Subject: Re: [OT] Authorization and Authentication Question
>
> HiThanks for the suggestion, this applicatio
zation and Authentication Question
HiThanks for the suggestion, this application which i need to do this is
developed using Struts 1.2.6, can i add Spring Security to this, just as a
drop in, is there any how to documents to add spring support to struts web
application
Ashish
On Tue, Mar 10, 2009 at 7:
Spring Security is it's own filter, and my experience is that it is
pretty easy to integrate with just about any type of web-app. As far
as existing tutorials, I'd say to check google.
-Wes
On Wed, Mar 11, 2009 at 9:52 AM, Ashish Kulkarni
wrote:
> HiThanks for the suggestion, this application wh
HiThanks for the suggestion, this application which i need to do this is
developed using Struts 1.2.6, can i add Spring Security to this, just as a
drop in, is there any how to documents to add spring support to struts web
application
Ashish
On Tue, Mar 10, 2009 at 7:43 PM, Jim Kiley wrote:
> I
I'd agree. Have your UserDetailsService implementation hit LDAP for
authentication, and pass GrantedAuthorities[] on to the returned object by
asking DB2 about that info if the user is authenticated.
jk
On Tue, Mar 10, 2009 at 6:44 PM, Wes Wannemacher wrote:
> On Tuesday 10 March 2009 17:56:30
On Tuesday 10 March 2009 17:56:30 Ashish Kulkarni wrote:
> HiIs it possible to Authenticate user using LDAP, but authorize using a DB2
> database,
> I have situation where i need to authenticate and authorize some web pages.
>
> I want to authenticate users against LDAP, but have to maintain
> auth
HiIs it possible to Authenticate user using LDAP, but authorize using a DB2
database,
I have situation where i need to authenticate and authorize some web pages.
I want to authenticate users against LDAP, but have to maintain
authorization list, roles etc in DB2 database
Has anyone done anything
The, by placing the JSP's in
>> the WEB-INF directory you will prevent access directly from a browser
>> (only from the s2 dispatcher).
>>
>
--
View this message in context:
http://www.nabble.com/authentication-question-tp16006710p16198339.html
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
mojoRising wrote:
Thanks. That's interesting. I am using Weblogic9.2, and I seem to have no
problem using the request object in the jsp( for getParameter at least). I
am wondering what type of request object manipulation, as you are referring
to, may cause issues?
I don't recall specifi
>> that make the necessary checks.
>>
>> /Ian
>>
>>
>
>
> -----
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional comm
I use Acegi security to make sure that all of my pages are secure. I
find it very flexiable, but not always easy to configure.
If you are already using spring as you IoC, then you might as well take
advantage of Acegi.
Jeromy Evans wrote:
I've been told that some older containers don't allow
Plus: nothing under WEB-INF can be referenced by a browser, so JSPs
stored there can't be called directly.
Minus: nothing under WEB-INF can be referenced by a browser, so JSPs
stored there can't be called directly... :-)
It depends on your requirements. But generally you will want to route
r
I've been told that some older containers don't allow you to forward to
JSP's behind /WEB-INF. It wouldn't surprise me.
Other than that I've found Ian's suggestion to be the most effective way
to ensure users can't access JSPs directly, IMO a must for Tiles, html
fragments and any page using str
JSPs
that make the necessary checks.
/Ian
--
View this message in context:
http://www.nabble.com/authentication-question-tp16006710p16121577.html
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubsc
The easiest way is to always have the user call an action to get a JSP,
even if it is a simple page. You then also ensure that all data
necessary for that page has been obtained. The, by placing the JSP's in
the WEB-INF directory you will prevent access directly from a browser
(only from the
The easiest way is to always have the user call an action to get a JSP,
even if it is a simple page. You then also ensure that all data
necessary for that page has been obtained. The, by placing the JSP's in
the WEB-INF directory you will prevent access directly from a browser
(only from the
://www.nabble.com/authentication-question-tp16006710p16006710.html
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
So I think I have it working and I didn't have to redirect the user,
which is good because that wasn't working anyway. I don't know if it
was JAAS or Struts, or what, but the login parameters were being
stripped from the request so they never got to the login page.
How I got it to work was th
Yea, but in this case, it may be something we need to live with.
The login page scriptlet code looks for the login credentials in the
request and sets the appropriate form fields as well as a flag we use to
indicate whether the form should be submitted immediately upon loading
and in either ca
Adam Gordon wrote:
I think the solution is
going to be to redirect the user to the default main page manually w/
the login parameters and JAAS should take over from there...hopefully.
Except a redirect must be to a GET, not a POST, and it would be
unfortunate to include the login credentials
Let me get this straight: All pages in your webapp are protected (not
available to non-logged in users), so when someone who is logged in on
the company's main site tries to get to a page in your webapp, JAAS
catches it and sends them to your webapp's login page, which might be
able to glean e
Adam Gordon wrote:
For background, we actually have two login pages: on is the login page
that is running inside our webapp that is running JAAS and POSTs to
j_security_check at form submission time. The other page is our
company's main website (Apache) and users can log in here too. What we
See my comments in my response to Laurie. We're basically using dual
login pages, one on our main website (Apache) and the other in our
webapp. I'm currently toying with the idea of a Filter to detect the
subsequent logins against an already authenticated session.
--adam
Dale Newfield wrote
I believe you are absolutely correct Laurie, because I've not yet seen a
way to get a handle to the LoginContext to call logout(). All we can do
is invalidate the session - which we do when the user logs out. This
removes the user principal from the request and indicates to JAAS that
the user
Laurie Harper wrote:
If you have a separate 'login' page (as opposed to having a login form
on each page) you might be able to get away with invalidating the
session when that page is shown, with the caveat that logged in users
would implicitly be logged out if they visit that page.
And in th
I don't think Container Managed Security has provisions for logging
users out, other than by expiring the session (and not even then if
you're relying on HTTP authentication rather than form-based).
If you have a separate 'login' page (as opposed to having a login form
on each page) you might
If you mean protecting the page w/ a security constraint, I think that
would be a problem in that JAAS would detect that it's a protected
resource and prompt the user to log in before hitting the login page and
upon a successful login would redirect the user to the login page after
they've alre
Adam Gordon wrote:
We're using JAAS for webapp authentication and we've discovered an
issue: If user A is logged in and tries to log in as user B, they stay
logged in as user A.
Couldn't you protect the login form page and action so that they're only
accessible by a session without any valid
Hi-
We're using JAAS for webapp authentication and we've discovered an
issue: If user A is logged in and tries to log in as user B, they stay
logged in as user A. We know how to detect if a user's already
authenticated (we have some static objects stored on the session) but
we're not sure w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Eugen,
Eugen Stoianovici wrote:
> Since I can't intercept the login form (which goes to j_security_check)
> where should i put the code for setting those session values?
Ah, but you can intercept it!
You just need to think outside the container. Or,
I'm very new to struts (and java for that matter) so my question might
be stupid but here goes:
I have an application that is based on companies and employees. Each
employee may have a single company. Also each employee has a user (which
is used by tomcat for authentication/authorization) and
aop.
Greetings
Jimmy
-Original Message-
From: Tom Ziemer [mailto:[EMAIL PROTECTED]
Sent: donderdag 7 april 2005 16:58
To: Struts Users Mailing List
Subject: Authentication question
Hi everybody.
I've just started working on an application using Struts. In my previous
projects my
Subject: Authentication question
Hi everybody.
I've just started working on an application using Struts. In my previous
projects my actions that needed authentication always had some common
class that they extended. Now I am wondering whether it would be
feasible to authenticate using AOP - wr
ruts Users Mailing List
Subject: Authentication question
Hi everybody.
I've just started working on an application using Struts. In my previous
projects my actions that needed authentication always had some common
class that they extended. Now I am wondering whether it would be
feasible
Hi everybody.
I've just started working on an application using Struts. In my previous
projects my actions that needed authentication always had some common
class that they extended. Now I am wondering whether it would be
feasible to authenticate using AOP - writing interceptors for each method.
struts Dude wrote:
hi
Using container managed authentication, can i relay request parameters(i.e.
username & password) to
loginAction after successful authentication?
Because I want to construct a User bean and add it to Session after
successful authentication
but request parameters seem to get los
hi
Using container managed authentication, can i relay request parameters(i.e.
username & password) to
loginAction after successful authentication?
Because I want to construct a User bean and add it to Session after
successful authentication
but request parameters seem to get lost.
Thanks
40 matches
Mail list logo
