I haven't actually used it, but would the Open Symphony - OSUser module help here, even as a starting point?
http://www.opensymphony.com/osuser/ http://www.opensymphony.com/matrix.jsp Kev. > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: 10 June 2002 16:41 > To: Struts Users Mailing List > Subject: Re: User Authentication > > > > I'd like to bring this up at a more general level. > > I've wondered why Struts provides no specific User Management > tools. I'd > almost expect to see a user.tld tag lib and struts tags such as: > > <user:checkLogin> - make sure the user is logged in or > redirect to > login page > <user:userProperty> - to get/set properties from a > configurable User > bean > <user:authSource> - to configure authentication against various > soruces such as ldap, jdbc, etc. > <user:roleRequred> - for conditional processing based on > whether or > not a user has a certain role associated with them. > > I know that servlet spec 2.3 provides the idea of realms and > a declarative > security model, but I've not seen this addressed directly on > the list or > anywhere in the docs. > > Does anyone have throughts on why there have been no more > direct addressing > of this in Struts? If the answer is, "because we only have so > much time", > or, "no one's really needed/.requested it", then that's fine. > > I'm just wondering if it's the planned direction to off-load > this to the > container as a general rule. or if there are thoughts of > providing some > functionality into Struts directly. > > Anyone have insight into this? > > > > > > Struts Newsgroup (@Basebeans.com) <struts on 06/10/2002 11:25:01 AM > > Please respond to "Struts Users Mailing List" > <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > cc: (bcc: Kevin Bedell/Systems/USHO/SunLife) > Subject: Re: User Authentication > > > Subject: Re: User Authentication > From: Torgeir Veimo <[EMAIL PROTECTED]> > === > David Bolsover wrote: > > Vic > > > > Thanks - you could well be right, my question may be better > directed to > web > > container or JAAS. > > What I do know is that using the web xml .. <security-constraint>, > > <auth-constraint> .. features is not sufficintly flexible > for my needs -- > I > > need to be able to create new users with new, as yet > undefined security > > privileges, dynamically, with the webapp itself. > > My question I suppose is more about how to model the > security privileges > > rather than how to implement. > > Think of user having roles. Users are assigned roles as needed. You > attach functionality in your web-app to roles. The security rules in > web.xml are defined using roles, but are specified on a URL > match basis. > If you use struts, then you can insert checks in webpages to enable / > disable functionality on a more finegrained level. > > -- > -Torgeir > > > -- > To unsubscribe, e-mail: < > mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: < > mailto:[EMAIL PROTECTED]> > > > > > > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
