My view is that authentication is best handled totally outside of struts by
the application server. The web deployment descriptor (web.xml) per the j2
spec is specifically designed to remove login mechanics from the developer.

I'm running the JBoss/Tomcat at home and weblogic 5.1 at work and
authentication using form based authentication works just fine. If the user
can get to a page then they are already authenticated.

Kurt


-----Original Message-----
From: George Henry C. Daswani [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 22, 2001 1:42 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Where's the best place to do authentication


Has anybody used JAAS and struts together?

Why not use native java security?

George Daswani


On Tue, 22 May 2001, Gogineni, Pratima wrote:

> Gregor the example application has the tag to check for logged in user in
> the jsp page.
>
> But in addition to this - they also check if the user is logged in in each
> action class.
>
> Another thing is the tag is not really authenticating the user but just
> checking if the user has been authenticated, so that the user can't even see
> the jsp rather than find out upon performing some action in the page that he
> is not authenticated.
>
> pratima
>
> -----Original Message-----
> From: Gregor Rayman [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 22, 2001 3:59 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Where's the best place to do authentication
>
>
> "Jon.Ridgway" <[EMAIL PROTECTED]> writes:
>
> > Hi Shogo,
> >
> > Have a look at the 'example' webapp provided with struts, this uses a taglib
> > to check the user is logged on, I'm sure you could use/amend it to fit your
> > purpose.
> >
> > Jon.
>
> I am not very happy with taglibs checking for logged in user. Taglibs can be
> used only in JSP and JSP should implement the View part of the MVC pattern.
> Authenticating users is business logic and so it should be done somewhere in
> the actions.
>
> --
> gR
>
