Struts can hook into container-managed security - it has support for roles in it's <logic:present ...> tag, in a "roles" attribute on it's action mappings, and also in Tiles for displaying different pages based on roles. It really does nothing special - just hooks into what's already there. If you're using form-based authentication - Struts will play nicely with it.
HTH, Matt > -----Original Message----- > From: Sloan Seaman [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 13, 2003 8:52 AM > To: Tomcat Users List > Subject: Re: Form based security > > > Ok, I've got it now... > > Thanks for the information. > > Now my manager is saying he wasnted it all done in Struts and > that Struts > has a security model that I should be using. Is he wrong? I > though struts > was just tag libs and an MVC for hitting business logic. > > Time for me to learn struts now I guess... > > -- > Sloan > > ----- Original Message ----- > From: "Barney Hamish" <[EMAIL PROTECTED]> > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > Sent: Thursday, February 13, 2003 10:33 AM > Subject: RE: Form based security > > > > I think you've got the wrong idea about how the form-based > security works. > > It is counter-intuitive I agree but anyway... > > > > Firstly the login form should not be in the secure area. > > Define as the default page something in the secure area. > > When the user tries to go to this default page tomcat will > redirect them > to > > the login page. > > After they've logged in successfully Tomcat wil redirect > them to the page > > they originally asked for (i.e. the default page). > > > > You don't need a filter to do this. Tomcat does it > automatically for you. > > > > Hamish > > > > > -----Original Message----- > > > From: Sloan Seaman [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, February 13, 2003 4:32 PM > > > To: Tomcat Users List > > > Subject: Re: Form based security > > > > > > > > > Ok, I figured most of the things out. > > > > > > My next question (along the same lines) is this: > > > > > > I have a link to the login.jsp which is now in a > > > security-constraint area. > > > When they use the login.jsp successfully it complains about: > > > Invalid direct reference to form login page > > > > > > How do I use the login page and define a page for a > successful login? > > > > > > Thanks! > > > > > > -- > > > Sloan > > > > > > ----- Original Message ----- > > > From: "Sloan Seaman" <[EMAIL PROTECTED]> > > > To: "Tomcat Users List" <[EMAIL PROTECTED]> > > > Sent: Thursday, February 13, 2003 10:01 AM > > > Subject: Re: Form based security > > > > > > > > > > I have a filter set up so that if they don't go to the > index.jsp or > > > > login.jsp it will redirect them to the login.jsp. > > > > (is that the best way?) > > > > > > > > So basically they either go to the index.jsp or login.jsp > > > page. How do I > > > > list a page as secure? > > > > > > > > Do I have to wirte code for the j_security_check or is this > > > something > > > within > > > > tomcat? > > > > > > > > ----- Original Message ----- > > > > From: "Barney Hamish" <[EMAIL PROTECTED]> > > > > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > > > > Sent: Thursday, February 13, 2003 9:50 AM > > > > Subject: RE: Form based security > > > > > > > > > > > > > Are you going directly to the login page? If so then you > > > need to go to a > > > > > page in that's listed as being secure. You will then be > > > forwarded to the > > > > > login page. When you've logged in successfully then > you will be > > > forwarded > > > > to > > > > > the page you originally requested. > > > > > Hamish > > > > > > > > > > > -----Original Message----- > > > > > > From: Sloan Seaman [mailto:[EMAIL PROTECTED]] > > > > > > Sent: Thursday, February 13, 2003 3:48 PM > > > > > > To: [EMAIL PROTECTED] > > > > > > Subject: Form based security > > > > > > > > > > > > > > > > > > I'm attempting to do form based security and I keep > getting a > > > > > > 404 error when > > > > > > I click the submit button. > > > > > > > > > > > > I'm guessing I'm missing some type of configuration in the > > > > > > server.xml..... > > > > > > > > > > > > The form I am using is: > > > > > > <form method="POST" action="j_security_check"> > > > > > > <input type="text" name="j_username"/> > > > > > > <input type="password" name="j_password"/> > > > > > > <input type="submit" value="Submit"> > > > > > > </form> > > > > > > > > > > > > > > > > > > And I have the following in my web.xml > > > > > > <login-config> > > > > > > <auth-method>FORM</auth-method> > > > > > > <form-login-config> > > > > > > <form-login-page>/login.jsp</form-login-page> > > > > > > <form-error-page>/login-error.jsp</form-error-page> > > > > > > </form-login-config> > > > > > > </login-config> > > > > > > > > > > > > Can anyone help me out here? > > > > > > > > > > > > -- > > > > > > Sloan > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: > > > [EMAIL PROTECTED] > > > > > > For additional commands, e-mail: > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > > > For additional commands, e-mail: > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
