Thanks. I am going to look at that and a something a friend of mine told me about: liferay.com I am using an Objectivity which it doesn't support but maybe (with the source available) I can shoe horn it.
-----Original Message----- From: Peter Abbot [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2003 5:21 PM To: Struts Users Mailing List Subject: RE: [OT] JAAS We were looking at the same thing a while back and all the articles we found stated that JAAS doesn't integrate (very well) with Role based security yet, it is still in the pipelines for the next version of the j2ee standard. What we are looking at doing is creating a some security modules that utilize our application servers (EAServer) security extensions with the view of migrating the code to use JAAS when role based security is better supported. Another option is to look (as suggested many times before on the list) at the security filter package that is on source forge. http://securityfilter.sourceforge.net/ Pete -----Original Message----- From: Bailey, Shane C. [mailto:[EMAIL PROTECTED] Sent: Thursday, 29 May 2003 9:00 a.m. To: [EMAIL PROTECTED] Subject: [OT] JAAS Part of this is on topic and part off topic. Off topic: I want a web based Authenitication and Authorization scheme which is web server independent (but for my web app). I started down the road of writing my own LoginModule, CallbackHandler, and Principal implementation. Those are done and I use the LoginContext in my LoginAction to start things off. So far so good. A couple of questions. Do I need to worry about setting remote user and user principal (as in req.getXX() ) or ... Basically, I am at the point where I can get the Subject with a Principal (consisting of login name) and I don't know how to connect all the web stuff OR is there another way to do Auth without a server dependent mechanism out there? On topic: Does struts 1.1 have role capabilities in the action mapping specification (roles per action) or any other built in mechanism for doing roles with actions? If so, what needs to get set (e.g. session.setAttribute("User", someSubject); ) etc??? Basically I need to get an Authentication and Authorization mechanism implemented by Monday and I would like to have a very write once run with any web server solution but that part is secondary. I am using JRun4. Any suggestions? TIA --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
