Hi Joe,
Thanks for that. I cant comment which approach most appropriate 'cos I haven't used them, Really I am looking for advice on which is the most practical "real-world" way to enforce security in a Struts 1.1 environment. I don't need anything fancy - just logging a user in and then preventing access to certain URL's, based on the users role. I have tight deadlines and cant afford to spend heaps of time researching and experimenting with the various security options. I need a simple example of something that works and is robust. In previous projects I have used home-grown security like the approach I mentioned originally. But having done some reading on JAAS and Tomcat security (realms) maybe these approaches are better? I don't want to re-invent anything. Thanks for your input.... Adam -----Original Message----- From: Joe Hertz [mailto:[EMAIL PROTECTED] Sent: 16 June 2004 10:22 To: 'Struts Users Mailing List' Subject: RE: Newbie: Using Struts with JAAS? You've got a middle case youre not mentioning. What's wrong with container managed/declarative security (ex: A JDBCRealm) or something a shade more robust like SecurityFilter? > -----Original Message----- > From: Adam Lipscombe [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 16, 2004 5:11 AM > To: 'Struts Users Mailing List' > Subject: Newbie: Using Struts with JAAS? > > > Folks, > > > I am struggling to understand how to use JAAS with Struts 1.1 I need a > simple-to-follow example. > > > The requirement is for standard authentication and permission > handling - logging a user in and checking that they have > permission to access an Action or URL. > > Should I use JAAS or home-grown security? > > If I go down the home-grown route logging in a user is no problem. > One way that occurs to me to enforce permissions is to put a > check into each JSP to ensure that the user has the > appropriate role to view that page and redirect if not. > > > What do people think? Is JAAS the way to go? > If JAAS, what are the advantages in a Struts context? > Is there a simple JAAS example somewhere that I can cut and > paste from? > > > > TIA - Adam > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
