In Struts 1.1, you can assign a list of roles to each ActionMapping. By default, this uses the same JAAS scheme used by the container. However, you can also provided your own RequestProcessor that can override this and use whatever scheme works for your application.
-- Ted Husted, Husted dot Com, Fairport NY US -- Author, Java Web Development with Struts -- Order it today: -- http://husted.com/struts/book.html amolk wrote: > Hi, > > I am new to Struts. I am referring the struts-example to build a prototype >resembling our application which is right now using only servlets. > > I need to authenticate each request that comes to the webapp ( though the action >servlet ). There are two parts to the authentication scheme. > 1. Authenticate the user when she provides the login name and password. > 2. On very page ( or request ) verify that the request is coming from an >authenticated user. > > Both these parts would be required by most of the webapps ( if not all ). > Different types of web apps could have different authentication schemes. So lets >assume the first part cant be made generic. > > But, why cant we have a generic version of CheckLogonTag and the corresponding ><app:checkLogon/> ? And make it part of the struts framework?? > Usage would be something like > Something like <app:checkLogon application="EA1" > for enterprise app1. EA1 string >would be put in the session by the logonAction which is application specific. > So, though the authentication scheme and the strings we put in the session to flag >the session as authenticated would be different for different applications, the way >to verify would be made generic which accepts parameters which are appliction >dependent. > Now, i have to "struts enable" 3 webapplications. Either i replicate the tld, Tag >class, etc or make it generic so that i can use it across the apps. > (Thinking of implementing the second option) > > Any comments? > ( or is there something like that already in place?? ) > > thnx, > amol -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
