Sean, many thanks for keeping up with my questions - appreciate it. And yes you are correct. I am using JBoss 3.0.7 / Tomcat 4.1.24. By the way have you got any idea if this issue is about to be resolved at the Servlet Container Spec ?
Thanks, Erez -----Original Message----- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 11:19 AM To: Struts Users Mailing List Subject: RE: Login Form On Tue, 2003-07-08 at 20:34, Erez Efrati wrote: > Thanks Sean, > > I looked at it and it does avoid the BIG limitation posed by the > standard spec in fact. Still I cannot use it since it disables the > passing of the principal identity through calls to EJB methods. > That's what it says in the introductory documentation, but... You're using JBoss/Tomcat right? Well give me a day and I'll email you a class that should do all you want... It's a RealmAdaptor for securityfilter/Jboss that uses the JBoss security extension and so correctly instantiates the Principal for the EJB layer. It works for me with JBoss4/Jetty, so you should give it a try. (I'm waiting on some code from another guy whose done similar and so just want to compare - if his stuff doesn't arrive shortly, I'll send mine as it) > Now, I am new to the web development and it amazes me that such a basic > feature is missing from the Servlet spec and is not addressed. Why is it > that way? Is it so unusual to want to have the login fields on the start > page?? Not unusual at all... And many Java sites have it that way, but they don't necessarily use container authentication and they probably don't use EJB's (many people steer clear - deep seated reservations from 1.0 are still abound). If I get time I'm going to try and get the Jetty guys to 'surface' their web Authenticators to allow developers to roll their own... I've looked at the code and shouldn't be too difficult - one or two areas I'm not sure about, but... > > Thanks, > Erez > > > -----Original Message----- > From: Sean Radford [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 08, 2003 8:21 PM > To: Struts Users Mailing List > Subject: RE: Login Form > > Have a look at this (you may find what you want): > > http://sourceforge.net/projects/securityfilter/ > > Sean > > > > -----Original Message----- > > From: Erez Efrati [mailto:[EMAIL PROTECTED] > > Sent: July 8, 2003 10:11 AM > > To: 'Struts Users Mailing List' > > Subject: Login Form > > > > > > Hi, > > > > My question is a bit off Struts but still since I am using Struts and > > it's too urgent for me I thought to try my luck here, maybe someone > had > > stumbled on this issue too. > > > > I am running JBoss/Tomcat/Struts using the JAAS for handling the > > application security aspects. I have used the > > <auth-method>FORM</auth-method> clauses inside the Web.xml file. > > > > In my web site I want to have the site home page to have also a small > > login form where the user could enter username and password and login > to > > the site. The home page, contains other links as well, which lead to > > other parts of the site or even to external pages on other sites. > > > > >From what I've read so far, it seems to me that the FORM method is > > activated only when the web user tries to access a protected page. > Then > > the Web Server (Tomcat in my case) returns the loginPage stated in the > > Web.xml file, and only after the login is performed (j_security_check) > > the Tomcat then redirects the web user to the original portected page. > > > > Is it possible to have the site home page as the login page still > using > > mechanisms of FORM and JAAS? If so I would really appreciate any help > on > > how to do it, and what are the configurations required. > > > > Thanks, > > Erez > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] -- Dr. Sean Radford, MBBS, MSc <[EMAIL PROTECTED]> http://bladesys.demon.co.uk/ Blade Systems --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
