RE: Logon API in struts?

Mon, 18 Jun 2001 06:53:12 -0700

Hi Mike,

 

To use roles you need to use the containers auth mechanism. I.e. basic, digest, form (custom in the case of WebSphere) or certificate based auth. The problem is that each container sets things up differently. The issues have been discussed on this group before. See the archive at:

 

http://www.mail-archive.com/[email protected]/

 

Jon.

 

-----Original Message-----
From: Mike Thompson [mailto:[EMAIL PROTECTED]]
Sent: 18 June 2001 14:06
To: [EMAIL PROTECTED]
Subject: Re: Logon API in struts?

 

Ok, so the fairly standard aproach is to authenticate the user by hand and shove the user name into a session attribute that is application defined?  i.e.

 session.setAttribute(Constants.USER_KEY, user);

 

What if I'm using roles and I want to be able to say

 

request.isUserInRole("ADMIN");

or

Principal p = request.getUserPrincipal();

 

or I have some java beans that snag the princiapl name out of the SessionContext and would like to return different results based on who is making the call?

 

will this approach work?

    --m

 

 

----- Original Message -----

From: Jon.Ridgway

Sent: Monday, June 18, 2001 4:57 AM

Subject: RE: Logon API in struts?

 

Hi Bob,

 

User authentication is a tricky one. The struts-example app uses a fairly standard approach. The difficulties start if you choose to use container managed auth. According to Javasoft we should all be aspiring to use Form Based auth. But each container has a different config mechanism and some such as WebSphere don't support standard form based auth at all.

 

Do you know which web/app server you will be deploying to?

 

Jon.

 

-----Original Message-----
From: Bob Byron [mailto:[EMAIL PROTECTED]]
Sent: 15 June 2001 19:21
To: [EMAIL PROTECTED]
Subject: Logon API in struts?

 

I would like to know from the Struts elite if there are

any struts centric facilities to help with login/logout?

I just don't want to reinvent the wheel if it is already

out there.

 

The username and password would be entered on

the webpage itself and not entered into the user/pass

dialog popup (as in the Struts-Admin application).

 

Thank You,

Bob Byron
RAD Systems, Inc.
www.radit.com
(972)516-4256

Reply via email to