But, I do not want to use BASIC authentication. I have many different roles and hundreds of people per role. Users' name, role, etc. are stored in a database. --- Matt Raible <[EMAIL PROTECTED]> wrote: > A JDBCRealm can use BASIC authentication - it > doesn't require form-based. > Here's an example app that might help you out: > > http://raibledesigns.com/wiki/Wiki.jsp?page=SecurityExample > > HTH, > > Matt > > -----Original Message----- > From: Caroline Jen [mailto:[EMAIL PROTECTED] > Sent: Monday, October 06, 2003 4:45 PM > To: [EMAIL PROTECTED] > Subject: Container-Managed Authentication > <login-config> in web.xml vs. > Specifying Paths in the struts-config.xml > > > I use the Tomcat. I configured the Tomcat JDBCRealm > so that I can use programmic security testing, such > as > isUserInRole(), in my program. > > Because Tomcat JDBCRealm is form based, I inserted > the > <login-config> and its sub-elements in my web.xml > file > (see below). As we know, the <form-login-page> and > <form-error-page> are required. > > My question is that the container-managed > authentication does not seem to be consistent with > what we usually do in struts; e.g. we state the > logical name and path for each .jsp page in the > struts-config.xml file. > > What is the Struts convention in dealing with user > authentication? Should we specify the paths for the > logon page and error page in the struts.config.xml > or > we should use the <form-login-page> and > <form-error-page> in the web.xml file? > > ====================================================== > <security-constraint> > <web-resource-collection> > > <web-resource-name>SalesInfo</web-resource-name> > <url-pattern>/SalesInfo/*</url-pattern> > <http-method>GET</http-method> > <http-method>POST</http-method> > </web-resource-collection> > <auth-constraint> > <role-name>manager</role-name> > </auth-constraint> > <user-data-constraint> > > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > > <form-login-page>/authentication/login.html</form-login-page> > > <form-error-page>/authentication/error.html</form-error-page> > </form-login-config> > > </login-config> > > <security-role> > <role-name>manager</role-name> > </security-role> > > > > > __________________________________ > Do you Yahoo!? > The New Yahoo! Shopping - with improved product > search > http://shopping.yahoo.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] >
__________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
