A few good things to know when using struts and jsp/servlet security:
1. the logic:present and logic:notPresent tags let you conditionalize your jsps based on the users role. 2. Your code can use javax.servlet.http.HttpServletRequest.isUserInRole 3. Since you are using tomcat 5x, think about using the DataSourceRelm in conjunction with something like commons dbcp. -Rich -----Original Message----- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 3:16 AM To: Struts Users Mailing List Subject: Re: Declarative Security and Struts On 11/18/2003 12:47 AM Michael Blair wrote: > I have been able to get a MemoryRealm in Tomcat to work using BASIC > authentication. If I try to do this with FORM based authentication it seems > to think the ACTION="j_security_check" in my login.jsp seems to make struts > think this is an action that should be in the struts-config. > > I admit, I know very little about security. Any links for MemoryRealm and > JDBCRealm using struts would be great! The goal is Memory first, then get it > to work with JDBC. Mike, don't use an html:form taglib for the login page. Just use pure html and then struts won't try to get involved. Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9
