Subject: Re: [ARTICLE] Using JAAS and Struts From: "Sebastian Millies" <[EMAIL PROTECTED]> === That's a nice article, and describes the sort of approach which I am sure many people (including me) have taken. I sure would have profited by reading this before figuring it all out myself ...
My proposal would differ in having not the ActionServlet but the Action-classes check authorization - that way, you can include some bells and whistles in your ActionMapping and use the configuration in struts-config.xml to control security level, require logins, require SSL etc. for every single action. Also, if you want to collect all your permissions in a single permission DB (instead of multiple policy files) and still use JDK 1.3, you might want to consider using your own Policy implementation and maybe create an appropriateAccessControlContext under which all the action processing is done. That would be difficult to exactly mirror on JSP's, though. I'm sure people on the Struts team must have proposals up their sleeve on how to integrate JAAS, which they will include in a future release of Struts. -- Sebastian "matt_raible" <[EMAIL PROTECTED]> schrieb im Newsbeitrag news:[EMAIL PROTECTED]... > I saw this from the Denver JUG this morning, thought some folks > might be interested: > > http://www.mooreds.com/jaas.html > > Downloads and code samples from: > > http://www.mooreds.com/ > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
