Hi,
We here are trying to use our own Authorization stuff hooked into struts...
 
There is a method called processPreProcess in Struts ActionServlet. Now we are creating a new Servlet,
MyActionServlet extends ActionServlet,
and then overriding the processPreProcess method with the code which will match the role of the user with the role required to process the specific action path (which is unique). The role and user objects can be Oracle objects (as our Data Architect suggests), so you'll be inhibiting the access to the specific path in the first place itself before any processing takes place...
There are other issues to be sorted out though, like if a user should be able to process the path but should be able to view only some specific data...
 
Though this is still in a primitive stage, it will gain some shape in a week or two... I know this doesn't give any solution for you, but maybe you can think over this and get an idea of how to go with this approach...
 
-Satyen.
-----Original Message-----
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 18, 2001 3:16 PM
To: [EMAIL PROTECTED]
Subject: RE: Logon API in struts?

Hi Mike,

 

To use roles you need to use the container's auth mechanism, i.e. basic, digest, form (custom in the case of WebSphere) or certificate based auth. The problem is that each container sets things up differently. The issues have been discussed on this group before. See the archive at:

 

http://www.mail-archive.com/[email protected]/

 

Jon.

 

-----Original Message-----
From: Mike Thompson [mailto:[EMAIL PROTECTED]]
Sent: 18 June 2001 14:06
To: [EMAIL PROTECTED]
Subject: Re: Logon API in struts?

 

Ok, so the fairly standard approach is to authenticate the user by hand and shove the user name into a session attribute that is application defined?  i.e.

 session.setAttribute(Constants.USER_KEY, user);

 

What if I'm using roles and I want to be able to say

 

request.isUserInRole("ADMIN");

or

Principal p = request.getUserPrincipal();

 

or I have some java beans that snag the principal name out of the SessionContext and would like to return different results based on who is making the call?

 

Will this approach work?

    --m

 

 

----- Original Message -----

From: Jon.Ridgway

Sent: Monday, June 18, 2001 4:57 AM

Subject: RE: Logon API in struts?

 

Hi Bob,

 

User authentication is a tricky one. The struts-example app uses a fairly standard approach. The difficulties start if you choose to use container managed auth. According to Javasoft we should all be aspiring to use Form Based auth. But each container has a different config mechanism and some such as WebSphere don't support standard form based auth at all.

 

Do you know which web/app server you will be deploying to?

 

Jon.

 

-----Original Message-----
From: Bob Byron [mailto:[EMAIL PROTECTED]]
Sent: 15 June 2001 19:21
To: [EMAIL PROTECTED]
Subject: Logon API in struts?

 

I would like to know from the Struts elite if there are any struts centric facilities to help with login/logout? I just don't want to reinvent the wheel if it is already out there.

The username and password would be entered on the webpage itself and not entered into the user/pass dialog popup (as in the Struts-Admin application).

 

Thank You,

Bob Byron
RAD Systems, Inc.
www.radit.com
(972)516-4256
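
The path-to-role check described in the most recent message of this thread, as an added example that is not part of the thread and not Struts code: it denies any action path with no entry in the table and treats a missing login as having no roles. It is plain Java with no Struts dependency; the class name, the `PUBLIC` marker, the sample paths and the `USER` role are hypothetical, and it assumes the caller passes the same action path string the framework uses for its mapping lookup.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Added illustration; class, paths and role names are hypothetical, not from the thread.
public class PathRoleAuthorizer {
    public static final String PUBLIC = "*"; // marker: no login required

    private final Map<String, String> requiredRole = new HashMap<>();

    public void require(String actionPath, String role) {
        requiredRole.put(actionPath, role);
    }

    /**
     * @param actionPath path the framework resolved for the request (assumed
     *                   to be the same string used for the action mapping lookup)
     * @param userRoles  roles of the logged-in user, or null if not logged in
     */
    public boolean isAllowed(String actionPath, Set<String> userRoles) {
        String role = requiredRole.get(actionPath);
        if (role == null) {
            return false;            // unmapped path: deny by default
        }
        if (PUBLIC.equals(role)) {
            return true;             // explicitly public, e.g. the logon action
        }
        return userRoles != null && userRoles.contains(role);
    }

    public static void main(String[] args) {
        PathRoleAuthorizer authz = new PathRoleAuthorizer();
        // Constructed sample table; a real one could be loaded from the database.
        authz.require("/logon", PUBLIC);
        authz.require("/editOrder", "USER");
        authz.require("/deleteUser", "ADMIN");

        Set<String> clerk = new HashSet<>(Collections.singletonList("USER"));
        String[] paths = {"/logon", "/editOrder", "/deleteUser", "/newAction"};
        for (String p : paths) {
            System.out.println(p + " anonymous=" + authz.isAllowed(p, null)
                    + " clerk=" + authz.isAllowed(p, clerk));
        }
    }
}
```

The servlet override would call `isAllowed` before dispatching and stop processing when it returns false, so a newly added action stays inaccessible until someone assigns it a role.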


