Part of this is on topic and part off topic.
Off topic: I want a web-based Authentication and Authorization scheme which is web server independent (but for my web app). I started down the road of writing my own LoginModule, CallbackHandler, and Principal implementation. Those are done and I use the LoginContext in my LoginAction to start things off. So far so good. A couple of questions. Do I need to worry about setting remote user and user principal (as in req.getXX() ) or ... Basically, I am at the point where I can get the Subject with a Principal (consisting of login name) and I don't know how to connect all the web stuff OR is there another way to do Auth without a server-dependent mechanism out there?

On topic: Does Struts 1.1 have role capabilities in the action mapping specification (roles per action) or any other built-in mechanism for doing roles with actions? If so, what needs to get set (e.g. session.setAttribute("User", someSubject); ) etc???

Basically I need to get an Authentication and Authorization mechanism implemented by Monday and I would like to have a very write once run with any web server solution but that part is secondary. I am using JRun4. Any suggestions? TIA