On 30-03-2009 at 21:08, Danny C wrote:
> Looking for a few quick pointers here :
>
> I've added the "stripe stuff" security package to my app without a problem and
> set the SecurityManager to
> org.stripesstuff.plugin.security.J2EESecurityManager.
> The thing bootstraps without a problem.
>
> So - "now what" :)
>
> Searching for servlet 2.4 J2EE security in google yields thousands of results.
> not that im lazy, but i'd love a few pointers here.
>
> My need to be able to secure my app through context authorization. How do i
> declare my "roles" for the container and where do i put them? I get (me
> thinks)
> how to use the @permitAll, etc annotations, but I'm missing something on the
> role part.
You need to ensure two things:
- authentication
- access controls
The Stripes security package handles the seconds part. You can annotate an
event handling method or class (i.e. "all" events in that class) with e.g.
@RolesAllowed({"user","manager"}) grant access to that/those event to users
that either have the role "user" or the role "manager".
The other half, authentication, you need to get right first though. These
links may prove helpful:
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
http://www.jboss.org/community/docs/DOC-12186
Oscar
--
,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( A: Because people normally read from top to bottom.
=/ () Q: Why is top-posting such a bad thing?
------------------------------------------------------------------------------
_______________________________________________
Stripes-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-users
