Subject: Re: Authentication, Authorization in Struts 1.1
From: "Vic C." <[EMAIL PROTECTED]>
===

Another link:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JDBCRealm
Is one example, and it lets you do "single sign on" across webapps if you read, all with 0 coding.
It is an app server thing, not a framework thing.

Vic

Craig R. McClanahan wrote:
>
> On Tue, 16 Jul 2002, Amit Vaidya wrote:
>
>>Date: Tue, 16 Jul 2002 16:06:41 +0530
>>From: Amit Vaidya <[EMAIL PROTECTED]>
>>Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
>>To: Struts Users Mailing List <[EMAIL PROTECTED]>
>>Subject: Authentication, Authorization in Struts 1.1
>>
>>Hi,
>>
>>Does Struts 1.1 provide any means of implementing Authentication/Authorization?
>>
>
> No, and it shouldn't.  That should be the container's responsibility.
>
>>While going through the code, I found the following methods related to (Security) Roles.
>>processRoles()
>>getRoles()
>>setRoles()
>>
>>- How exactly are the Roles configured? Is struts-config.xml file used for this?
>>  A sample config would greatly help.
>>- Which source does call setRoles() method? How is the roles attribute in ActionConfig.java populated?
>>
>>TIA,
>>
>
> The roles being talked about are the ones you can use with container
> managed security that is provided by your servlet container.  You
> configure <security-constraint> elements in your web.xml file that declare
> the required roles to access certain URLs, and then you configure your
> container's user database (details will be specific to which container you
> use) to add appropriate users and roles.  Details on security constraints
> are in the servlet spec.
>
>   http://java.sun.com/products/servlet/download/
>
> For example, if you're using Tomcat 4, the default "user database" is an
> XML file $CATALINA_HOME/conf/tomcat-users.xml.  Out of the box, the
> example application has a protected area that you can experiment with, and
> then look at the web.xml file to see how it was configured:
>
>   http://localhost:8080/examples/jsp/security/protected/
>
> with a username "tomcat" and password "tomcat" (if you haven't adjusted
> the default user file).  Tomcat also has lots of other flexibility,
> including the use of a database or directory server as the source of user
> information, the ability to use different user databases for different
> webapps, and so on.  In 4.1.x releases, there is even an administrative
> webapp (built on top of Struts) that lets you add and remove users
> through a GUI.
>
> Every container will provide its own mechanisms to do that sort of thing.
> But your application just protects things in terms of roles, and will run
> on any such container.
>
>>Regards,
>>Amit
>
> Craig
>
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
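
A sample of the container-managed setup described in the thread, added here as an illustration (it is not from the original messages or from the Struts or Tomcat distributions). The role name "admin", the /admin/* URL pattern, the login page paths, the realm name and the action path and class are assumptions chosen for the example.

```xml
<!-- WEB-INF/web.xml fragment (assumed names): the servlet container
     enforces this before the request ever reaches Struts. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin area</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    <!-- No <http-method> elements on purpose: the constraint then covers
         every HTTP method. Listing only GET and POST would leave the
         other methods unconstrained for this URL pattern. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example realm</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>

<!-- Every role referenced in an auth-constraint is declared here. -->
<security-role>
  <role-name>admin</role-name>
</security-role>

<!-- WEB-INF/struts-config.xml fragment (assumed action): the roles
     attribute is a comma-separated list of role names. Struts checks it
     against the roles the container assigned to the authenticated user,
     so it is a per-action check on top of the URL constraint above and
     does not replace it. -->
<action-mappings>
  <action path="/admin/editUser"
          type="com.example.EditUserAction"
          roles="admin"/>
</action-mappings>
```

The users and their role assignments are not part of the webapp: they live in the container's user database, such as the tomcat-users.xml file or the JDBCRealm mentioned in the thread.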

