Hi Adam, in tomcat 4.1.X there is an application (admin)
that is based upon JAAS and struts. it uses MemoryRealm to identify the users. (a file "tomcat-users.xml" in $TOMCAT_HOME/conf) watch WEB.XML (for security-rules) and login.jps in $TOMCAT_HOME/server/webapps/admin there is also a simple logoutAction...: http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-4.0/webapps/admin/WEB-I NF/classes/org/apache/webapp/admin/LogOutAction.java?rev=1.1&view=markup hope that helps you! > -----Original Message----- > From: Adam Lipscombe [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 16, 2004 11:11 AM > To: 'Struts Users Mailing List' > Subject: Newbie: Using Struts with JAAS? > > > Folks, > > > I am struggling to understand how to use JAAS with Struts 1.1 > I need a simple-to-follow example. > > > The requirement is for standard authentication and permission > handling - logging a user in and checking that they have > permission to access an Action or URL. > > Should I use JAAS or home-grown security? > > If I go down the home-grown route logging in a user is no problem. > One way that occurs to me to enforce permissions is to put a > check into each JSP to ensure that the user has the > appropriate role to view that page and redirect if not. > > > What do people think? Is JAAS the way to go? > If JAAS, what are the advantages in a Struts context? > Is there a simple JAAS example somewhere that I can cut and > paste from? > > > > TIA - Adam > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
