There are two cases:
- With respect to authentication, we use an action (LogonAction) which is responsible for creating a JAAS subject in session.
- With respect to authorization, simply extend RequestProcessor class from Struts, and overwrite method processActionPerform, to add some authorization logic based on JAAS (remember this is the point where all actions are created and invoked from Struts).
Hope it can help, Enrique Medina.
From: "Adam Lipscombe" <[EMAIL PROTECTED]> Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]> To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]> Subject: Newbie: Using Struts with JAAS? Date: Wed, 16 Jun 2004 10:10:45 +0100
Folks,
I am struggling to understand how to use JAAS with Struts 1.1 I need a simple-to-follow example.
The requirement is for standard authentication and permission handling -
logging a user in and checking that they have permission to access an Action
or URL.
Should I use JAAS or home-grown security?
If I go down the home-grown route logging in a user is no problem.
One way that occurs to me to enforce permissions is to put a check into each
JSP to ensure that the user has the appropriate role to view that page and
redirect if not.
What do people think? Is JAAS the way to go? If JAAS, what are the advantages in a Struts context? Is there a simple JAAS example somewhere that I can cut and paste from?
TIA - Adam
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
_________________________________________________________________
Descarga gratis la Barra de Herramientas de MSN http://www.msn.es/usuario/busqueda/barra?XAPID=2031&DI=1055&SU=http%3A//www.hotmail.com&HL=LINKTAG1OPENINGTEXT_MSNBH
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
