Michael ... I've tried the same and thought it was a little messy. I was hoping to find an example that uses roles 'n' such.

-----Original Message-----
From: Michael Lee [mailto:[EMAIL PROTECTED]]
Sent: September 10, 2002 11:13 AM
To: Struts Users Mailing List
Subject: Re: Security and Struts

They have a good login example in the example war in the struts/webapps dir. That's the way I've done it in the past.

The way I'm currently doing it is to use container managed security. This means NOT using struts for authorization/authentication (for J2EE security). Since you're using JSP you're probably gonna do form-based authentication, so just post your form to action="j_security_check" and make sure your form username and password fields are j_username and j_password appropriately. Check your container documentation for how to hook this into its security model.

I'm currently actually having a problem with this in that I need for the user information to be stored in the session at login. I may just put a tag at the top of every page but that seems to get rid of the 'niceties' of using J2EE security. I want to set the locale based upon the loaded user object. Problem is, it goes right to the requested jsp page after login without loading the user and his preferences. Not sure how I'm going to handle this but in the meantime, that is how I handle security.

Mike

----- Original Message -----
From: "Darren Hill" <[EMAIL PROTECTED]>
To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
Sent: Tuesday, September 10, 2002 10:24 AM
Subject: Security and Struts

> Hey all,
>
> I'm looking for a job document and example about best practices in
> implementing security in struts.
> I've got the general idea about placing all my JSP's under WEB-INF, but a
> doc/example might really solidify it for me. Thanks in advance.
>
> Darren.
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

