I think that what I will do (if I ever get to that stage of this project, right now I'm still working on domain layer), is use CMA via JNDI (JNDIRealm) to authenticate against LDAP. Then, if the authentication proves successful, the HTTP request continues to the webapp where it is intercepted by a filter, which performs authentication against the app-specific DB (with its own username list). Then, if authentication is successful, the user is logged in and goes wherever they were headed -- but if not, they are redirected to an Action where they can fill out a form to request an app-specific account.
I'll post here if I'm able to get that up and running, though again, right now I'm focused on another part of the code.
Erik
PS: interesting -- you got this email pretty late?
John Tangney wrote:
The way CMA works, the auth happens completely transparently. That is, auth happens before your app even sees the HttpRequest.
If you want to do a second auth-like thing with that request, then you'd set up an action to do so.
Note that the CMA can access the same db tables as the rest of the app, using a JDBCRealm (rather than JNDI.) But I guess you want to maintain separate lists of users, right?
Sorry if this is not much help. If you could explain the use case(s) a little, maybe we can help come up with an architecture that'll do the trick.
--johnt
Strictly speaking this is OT, since CMA is not a Struts thing, but who ya gonna ask? ;->
in article [EMAIL PROTECTED], Erik Price at [EMAIL PROTECTED] wrote on 5/19/03 8:29 AM:
Hi,
I am soliciting advice from other struts and web developers. I am moving my in-progress project (JSP & servlets only) to Struts framework after having been converted at a JUG meeting, and am planning things out. One of the things I would like to do is move from my current security model (which uses a homebrewed authentication filter) to container-managed authorization/authentication. However, I would like to perform two steps in the login and am not sure if this is possible with CMA.
When a user requests a resource of the webapp, a login (form-based auth) should be presented, and the user enters username and password. The authorization is performed against LDAP (partly the motivation to move from my security filter to container-managed auth is to make JNDI/LDAP auth easier to set up). If the user authorizes successfully, then a *second* step is performed -- authenticate against a local (non-LDAP) database of registered users. If the user's name is present in this database, fine, log in as normal. However, if the username is not present in this database, then the user must be requesting an account to use this webapp: execute the NewUserRequestAction.
This is something I can easily do with my filter, simply by implementing the code myself. But is it possible to do with container-managed authorization? Any suggestions? BTW I would like to perform all of this within a single HTTP request so that there is no opportunity for the user to change the username after authorizing against LDAP but before querying the database.
Thanks,
Erik
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
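The two-step flow discussed in this thread, sketched as a servlet filter; this is an added example, not code posted by either participant. It assumes the container has already authenticated the user against LDAP (for example via a JNDIRealm) and that the filter is mapped to the same protected URL patterns; the data source name, the `app_users` table and the `/newUserRequest.do` path are hypothetical.

```java
import java.io.IOException;
import java.sql.*;
import javax.naming.*;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.sql.DataSource;

public class LocalAccountFilter implements Filter {
    // Assumed names: JNDI data source, table/column, and Struts action path.
    private static final String DS_NAME = "java:comp/env/jdbc/AppDB";
    private static final String LOOKUP_SQL = "SELECT 1 FROM app_users WHERE username = ?";
    private static final String REQUEST_ACCOUNT_PATH = "/newUserRequest.do";
    private DataSource dataSource;

    public void init(FilterConfig config) throws ServletException {
        try {
            dataSource = (DataSource) new InitialContext().lookup(DS_NAME);
        } catch (NamingException e) {
            throw new ServletException("Cannot look up " + DS_NAME, e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // The name the container authenticated against LDAP. It is never read
        // from a request parameter, so the user cannot swap it between steps.
        String user = request.getRemoteUser();
        boolean onRequestPage = REQUEST_ACCOUNT_PATH.equals(request.getServletPath());
        // user == null means the URL is outside every security-constraint.
        if (user == null || onRequestPage || isRegistered(user)) {
            chain.doFilter(req, res);
            return;
        }
        // LDAP login succeeded but there is no app-specific account yet.
        request.getRequestDispatcher(REQUEST_ACCOUNT_PATH).forward(req, res);
    }

    private boolean isRegistered(String user) throws ServletException {
        try (Connection c = dataSource.getConnection();
             PreparedStatement ps = c.prepareStatement(LOOKUP_SQL)) {
            ps.setString(1, user); // bound parameter, no string concatenation
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        } catch (SQLException e) {
            throw new ServletException("Local account lookup failed", e); // fail closed
        }
    }

    public void destroy() { }
}
```

Because the filter runs in the same request the container has just authenticated, both checks complete before any application code sees the request, and a database error aborts the request instead of letting it through.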

