Darren,

No, I don't have an example.war file for you, although I *might* be able to do that tonight. However, below I've included the web.xml and securityfilter-config.xml entries for the app.
Also, the securityfilter mailing list at http://lists.sourceforge.net/lists/listinfo/securityfilter-user doesn't appear to be real active but the author of the securityfilter (Max Cooper) does read and reply, and I've yet to have a question go unanswered from either him or someone else on the list.

Let me know if there is anything else I can do for you.

web.xml (relevant portion only)
-------------------------------
<!-- Security Filter Configuration -->
<filter>
    <filter-name>Security Filter</filter-name>
    <filter-class>org.securityfilter.filter.SecurityFilter</filter-class>
    <init-param>
        <param-name>config</param-name>
        <param-value>/WEB-INF/securityfilter-config.xml</param-value>
        <description>Configuration file location (this is the default value)</description>
    </init-param>
    <init-param>
        <param-name>validate</param-name>
        <param-value>true</param-value>
        <description>Validate config file if set to true</description>
    </init-param>
</filter>

<!-- map all requests to the SecurityFilter, control what it does with configuration settings -->
<filter-mapping>
    <filter-name>Security Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

securityfilter-config.xml (complete)
------------------------------------
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE securityfilter-config PUBLIC
    "-//SecurityFilter.org//DTD Security Filter Configuration//EN"
    "http://www.securityfilter.org/dtd/securityfilter-config_1_0.dtd">

<securityfilter-config>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Email List Subscription Services</web-resource-name>
            <url-pattern>/emailLists/subscribe.do</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/users/login/index.jsp</form-login-page>
            <form-error-page>/users/login/error.jsp</form-error-page>
            <form-default-page>/home.do</form-default-page>
        </form-login-config>
    </login-config>

    <!-- start with a Catalina realm adapter to wrap the Catalina realm defined below -->
    <realm className="org.securityfilter.realm.catalina.CatalinaRealmAdapter"/>

    <realm className="org.apache.catalina.realm.JDBCRealm">
        <realm-param name="name" value="JDBC Security Realm"/>
        <realm-param name="driverName" value="org.gjt.mm.mysql.Driver"/>
        <realm-param name="debug" value="99"/>
        <realm-param name="connectionURL" value="jdbc:mysql://localhost:3306/foo?user=foo&amp;password=pass"/>
        <realm-param name="userTable" value="users"/>
        <realm-param name="userNameCol" value="username"/>
        <realm-param name="userCredCol" value="password"/>
        <realm-param name="userRoleTable" value="roles"/>
        <realm-param name="roleNameCol" value="role"/>
    </realm>

</securityfilter-config>

-----Original Message-----
From: Darren Hill [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 11, 2002 8:11 AM
To: 'Struts Users Mailing List'
Subject: RE: [Dan] Security and Struts

Thanks Dan,

I just started yesterday, trying to start a struts app, using security filter with JBoss 3.0. I think I'll need to understand JBoss a little further in order to get this to work correctly as I am getting a problem with the REALM not being set-up correctly.

Do you have a quick example.war you could send?

Darren.

-----Original Message-----
From: Dan Payne [mailto:[EMAIL PROTECTED]]
Sent: September 10, 2002 6:51 PM
To: Struts Users Mailing List
Subject: RE: RE: Security and Struts

Darren,

I'm currently using the security filter in my Struts based app in conjunction with a JDBC realm. It works seamlessly. My only qualm at this point is I can't get the security filter to work with MD5 digesting, although Max Cooper is looking into it and may add support in the near future. Otherwise I would definitely recommend it.

Let me know if you have any additional, specific questions.

-Dan

-----Original Message-----
From: Darren Hill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 10, 2002 11:44 AM
To: 'Struts Users Mailing List'
Subject: RE: RE: Security and Struts

Nice .. thanks Todd.

Anyone ever use this with Struts?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: September 10, 2002 12:41 PM
To: Struts Users Mailing List
Subject: Re: RE: Security and Struts

Darren,

Have you looked at the SecurityFilter project by Max Cooper? Not sure what all you need to achieve but this project provides a fairly extensible Security module.

You can find it at: http://securityfilter.sourceforge.net/

Regards,
Todd G. Nist

>
> From: Darren Hill <[EMAIL PROTECTED]>
> Date: 2002/09/10 Tue PM 12:23:53 EDT
> To: 'Struts Users Mailing List' <[EMAIL PROTECTED]>
> Subject: RE: Security and Struts
>
> Michael ... I've tried the same and thought it was a little messy.
>
> I was hoping to find an example that uses roles 'n' such.
>
> -----Original Message-----
> From: Michael Lee [mailto:[EMAIL PROTECTED]]
> Sent: September 10, 2002 11:13 AM
> To: Struts Users Mailing List
> Subject: Re: Security and Struts
>
>
> They have a good login example in the example war in the struts/webapps dir.
> That's the way I've done it in the past. The way I'm currently doing it is
> to use container managed security. This means NOT using struts for
> authorization/authentication (for J2EE security). Since you're using JSP you're
> probably gonna do form based authentication so just post your form to
> action="j_security_check" and make sure your form username and password
> fields are j_username and j_password appropriately. Check your container
> documentation for how to hook this into its security model.
> I'm currently actually having a problem with this in that I need for the
> user information to be stored in the session at login. I may just put a tag
> at the top of every page but that seems to get rid of the 'niceties' of
> using J2EE security. I want to set the locale based upon the loaded user
> object. Problem is, it goes right to the requested jsp page after login
> without loading the user and his preferences. Not sure how I'm going to
> handle this but in the meantime, that is how I handle security.
> Mike
>
>
> ----- Original Message -----
> From: "Darren Hill" <[EMAIL PROTECTED]>
> To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
> Sent: Tuesday, September 10, 2002 10:24 AM
> Subject: Security and Struts
>
>
> > Hey all,
> >
> > I'm looking for a job document and example about best practices in
> > implementing security in struts.
> > I've got the general idea about placing all my JSPs under WEB-INF, but a
> > doc/example might really solidify it for me. Thanks in advance.
> >
> > Darren.
> >
> > --
> > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
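
The following is an added example, not part of the original thread and not SecurityFilter project code: a small Python check that reads a securityfilter-config.xml like the one posted above, lists which URL patterns are actually constrained, and flags realm settings a reviewer would question before deployment. The sample is constructed from the posted config; the function names and the three checks are this example's own choices, and `digest` is Catalina's realm attribute for hashed credentials, which the thread says SecurityFilter did not yet support with MD5.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample, trimmed from the securityfilter-config.xml in this thread.
SAMPLE = """<securityfilter-config>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/emailLists/subscribe.do</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <realm className="org.securityfilter.realm.catalina.CatalinaRealmAdapter"/>
  <realm className="org.apache.catalina.realm.JDBCRealm">
    <realm-param name="debug" value="99"/>
    <realm-param name="connectionURL" value="jdbc:mysql://localhost:3306/foo?user=foo&amp;password=pass"/>
    <realm-param name="userCredCol" value="password"/>
  </realm>
</securityfilter-config>"""

def protected_patterns(root):
    """Map each constrained url-pattern to the roles allowed to reach it."""
    out = {}
    for sc in root.iter("security-constraint"):
        roles = sorted(r.text.strip() for r in sc.iter("role-name"))
        for p in sc.iter("url-pattern"):
            out[p.text.strip()] = roles
    return out

def realm_findings(root):
    """Return (realm class, finding) pairs for settings worth a second look."""
    findings = []
    for realm in root.iter("realm"):
        cls = realm.get("className", "")
        params = {p.get("name"): p.get("value", "") for p in realm.iter("realm-param")}
        url = params.get("connectionURL", "")
        # Drop the "jdbc:" prefix so urlsplit sees an ordinary scheme://host/path?query URL.
        query = parse_qs(urlsplit(url[5:] if url.startswith("jdbc:") else url).query)
        if "password" in query:
            findings.append((cls, "database password embedded in connectionURL"))
        debug = params.get("debug", "0")
        if debug.isdigit() and int(debug) > 0:
            findings.append((cls, "realm debug logging enabled (debug=%s)" % debug))
        if "userCredCol" in params and "digest" not in params:
            findings.append((cls, "no digest set: credentials compared as stored"))
    return findings

def audit(xml_text):
    root = ET.fromstring(xml_text)
    return protected_patterns(root), realm_findings(root)
```

Anything not listed in the first result passes through the `/*` filter mapping without a role check, so that mapping is the one to compare against the application's full URL space.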