This all sounds great if you are running only one app on Tomcat. I don't see where it addresses having webapp level control of url mappings. It sounds to me like JAAS serves well on a container level/single app level. But in a shared hosting environment where you need to have specific webapps with their own set of permissions and their own user info database/ldap/etc... it wont' suffice. Am I wrong? Because if I am I need to be using this for my Struts apps. I saw a spec that seems to address this better (I think).
Here is the link: Java Authorization Contract for Containers: ftp://ftp.java.sun.com/pub/spec/java_authorization_contract/POqt9333BB/jacc- 1_0-prd-spec.pdf Brandon Goodin Phase Web and Multimedia P (406) 862-2245 F (406) 862-0354 [EMAIL PROTECTED] http://www.phase.ws > -----Original Message----- > From: Struts Newsgroup [mailto:@[EMAIL PROTECTED]] > Sent: Monday, July 08, 2002 10:55 AM > To: [EMAIL PROTECTED] > Subject: Re: [ARTICLE] Using JAAS and Struts > > > Subject: Re: [ARTICLE] Using JAAS and Struts > From: "Sebastian Millies" <[EMAIL PROTECTED]> > === > That's a nice article, and describes the sort of approach which I am sure > many people (including me) have taken. I sure would have profited by > reading this before figuring it all out myself ... > > My proposal would differ in having not the ActionServlet but the > Action-classes > check authorization - that way, you can include some bells and whistles in > your ActionMapping and use the configuration in struts-config.xml > to control > security level, require logins, require SSL etc. for every single action. > > Also, if you want to collect all your > permissions in a single permission DB (instead of multiple policy > files) and > still use JDK 1.3, you might want to consider using your own Policy > implementation and maybe create an appropriateAccessControlContext > under which all the action processing is done. That would be difficult to > exactly mirror on JSP's, though. > > I'm sure people on the Struts team must have proposals up their sleeve on > how to integrate JAAS, which they will include in a future release of > Struts. > > -- Sebastian > > > "matt_raible" <[EMAIL PROTECTED]> schrieb im Newsbeitrag > news:[EMAIL PROTECTED]... > > I saw this from the Denver JUG this morning, thought some folks > > might be interested: > > > > http://www.mooreds.com/jaas.html > > > > Downloads and code samples from: > > > > http://www.mooreds.com/ > > > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
