
Mr. Payne ... much appreciated.  I'm am in your debt.  Don't hesitate to ask
me for a foavor in the future.


-----Original Message-----
From: Dan Payne [mailto:[EMAIL PROTECTED]]
Sent: September 11, 2002 12:18 PM
To: Struts Users Mailing List
Subject: RE: [Dan] Security and Struts


No I don't have an example.war file for you although I *might* be able to do
that tonight.  However, below I've included the web.xml and
securityfilter-config.xml entries for the app.

Also, the securityfilter mailing list at doesn't
appear to be real active but the author of the securityfilter (Max Cooper)
does read and reply, and I've yet to have a question go unanswered from
either him or someone else on the list.

Let me know if there is anything else I can do for you.

web.xml (relevant portion only)
        <!-- Security Filter Configuration -->
                <filter-name>Security Filter</filter-name>
                         <description>Configuration file location (this is
the default
                         <description>Validate config file if set to

        <!-- map all requests to the SecurityFilter, control what it does
configuration settings -->
                <filter-name>Security Filter</filter-name>

securityfilter-config.xml (complete)
<?xml version="1.0" encoding="ISO-8859-1" ?>

<!DOCTYPE securityfilter-config PUBLIC
                                        "-// Security
Filter Configuration//EN"


                        <web-resource-name>Email List Subscription


        <!-- start with a Catalina realm adapter to wrap the Catalina realm
definied below -->

        <realm className="org.apache.catalina.realm.JDBCRealm">
                <realm-param name="name" value="JDBC Security Realm"/>
                <realm-param name="driverName"
                <realm-param name="debug" value="99"/>
                <realm-param name="connectionURL"
                <realm-param name="userTable" value="users"/>
                <realm-param name="userNameCol" value="username"/>
                <realm-param name="userCredCol" value="password"/>
                <realm-param name="userRoleTable" value="roles"/>
                <realm-param name="roleNameCol" value="role"/>


-----Original Message-----
From: Darren Hill [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 11, 2002 8:11 AM
To: 'Struts Users Mailing List'
Subject: RE: [Dan] Security and Struts

Thanks Dan,

I just started yesterday, trying to start a struts app, using security
filter with JBoss 3.0.  I think I'll need to understand JBoss a little
further in order to get this to work correctly as I am getting a problem
with the REALM not being set-up correctly.

Do you have a quick example.war you could send?


-----Original Message-----
From: Dan Payne [mailto:[EMAIL PROTECTED]]
Sent: September 10, 2002 6:51 PM
To: Struts Users Mailing List
Subject: RE: RE: Security and Struts


I'm currently using the security filter in my Struts based app in
conjunction with a JDBC realm.  It works seemlessly.  My only qualm at this
point is I can't get the security filter to work with MD5 digesting,
although Max Cooper is looking into it and may add support in the near
future.  Otherwise I would definitely recommend it.  Let me know if you have
any additional, specific questions.


-----Original Message-----
From: Darren Hill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 10, 2002 11:44 AM
To: 'Struts Users Mailing List'
Subject: RE: RE: Security and Struts

Nice .. thanks Todd.

Anyone ever use this with Struts?

-----Original Message-----
Sent: September 10, 2002 12:41 PM
To: Struts Users Mailing List
Subject: Re: RE: Security and Struts


Have you looked at the SecurityFilter project by Max Cooper?  Not sure what
all you need to achieve but this project provides a fairly extensible
Security module.  You can find it at:

Todd G. Nist
> From: Darren Hill <[EMAIL PROTECTED]>
> Date: 2002/09/10 Tue PM 12:23:53 EDT
> To: 'Struts Users Mailing List' <[EMAIL PROTECTED]>
> Subject: RE: Security and Struts
> Michael ... I've tried the same and thought it was a little messy.
> I was hope to find an example to uses roles 'n' such.
> -----Original Message-----
> From: Michael Lee [mailto:[EMAIL PROTECTED]]
> Sent: September 10, 2002 11:13 AM
> To: Struts Users Mailing List
> Subject: Re: Security and Struts
> They have a good login example in the example war in the struts/webapps
> That's the way I've done it in the past. The way I'm currently doing it is
> to use container managed security. This means NOT using struts for
> authorization/authentication (for J2EE security). Since your using JSP
> probably gonna do form base authentication so just post your form to
> action="j_security_check" and make sure your form username and password
> fields are j_username and j_password appropriately. Check your container
> documentation for how to hook this into its security model.
> I'm currently actually having a problem with this in that I need for the
> user information to be stored in the session at login. I may just put a
> at the top of every page but that seems to get rid of the 'niceties' of
> using J2EE security. I want to set the locale based upon the loaded user
> object. Problem is, it goes right to the requested jsp page after login
> without loading the user and his preferences. Not sure how I'm going to
> handle this but in the mean time, that is how I handle security.
> Mike
> ----- Original Message -----
> From: "Darren Hill" <[EMAIL PROTECTED]>
> To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
> Sent: Tuesday, September 10, 2002 10:24 AM
> Subject: Security and Struts
> > Hey all,
> >
> > I'm looking for a job document and example about best practices in
> > implementing security in struts.
> > I've got the general idea about placing all my JSP's under WEB-INF, but
> > doc/example might really solidify it for me.  Thanks in advance.
> >
> > Darren.
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> >
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> --
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to