Just FYI : JGuard is an open source JAAS implementation. Regds r-a-v-i
-----Original Message----- From: Shilpa Vaidya [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 06, 2004 9:50 AM To: 'Struts Users Mailing List' Cc: [EMAIL PROTECTED] Subject: RE: Authorization and Authentication in Struts Hi , On these lines you can do Authorization and Authentication in Struts. But it calls the tomcat 404 page, I am still doubtful as how to call a customised page in this regards. Can anyone help. The below portion of code i believe should help in the given context. Shilpa private boolean _403 ( HttpServletRequest request, HttpServletResponse response, ActionMapping mapping ) throws IOException { response.sendError ( HttpServletResponse.SC_FORBIDDEN, "No Access" ); return false; } public boolean allowAccess(String sRequestURL, ArrayList arrActions) { boolean bAllowAccess = false; String tempURL=""; StringTokenizer stTok= new StringTokenizer(sRequestURL,"."); String beforeTemp =stTok.nextToken(); tempURL=beforeTemp.concat(".do"); if() { //Compare or do all ur security checks in this function bAllowAccess =true } } } return bAllowAccess; } protected boolean processRoles ( HttpServletRequest request, HttpServletResponse response, ActionMapping mapping) throws IOException, ServletException { if ( request.getSession ( false ) == null ) return _403 ( request, response, mapping ); Roles objRoles = new Roles(); HashMap ht_roles; //Another condition if ( isWhiteSpace ( mapping.getRoles() )) return true; String sUrl = request.getServletPath(); ServletContext ctx =getServletContext(); HashMap hmRightsMap = (HashMap)ctx.getAttribute("rightsMap"); try { RightsReader rightreader = new RightsReader( ); ArrayList arrFinal= rightreader.FilterRights(hmRightsMap,arrObtainrights); //last security check if(allowAccess(sUrl,arrFinal)==true) return true; }catch(Exception e) { e.printStackTrace(); } //call the _403 method return _403 ( request, response, mapping ); } } -----Original Message----- From: news [mailto:[EMAIL PROTECTED] Behalf Of Hal Klimer Sent: Tuesday, July 06, 2004 12:22 AM To: [EMAIL PROTECTED] Subject: Authorization and Authentication in Struts I have a question on how to implement authorization and authentication with the Struts framework. In several DB tables we have users, groups, permissions, acls, etc where the security information is stored. We would like to integrate this information, in the best possible way with Struts. From what I have read so far it's seems that best place, perhaps, is to place this request validation code is in the processPreprocess() or the processRoles() of a user extended version of the RequestProcessor class. That way one could "look" at the request first, validate it against the logged user and his ACL and decide to let him pass or not. If this is the case how do I generate a "redirect" to a "not allowed/no security" action (possibly by overriding the processActionPerform() method) or just throw a NotAuthorizedException and let a global exception handler in Struts take care of it? Is this a correct path of action? Please excuse me if this has been already talked about, maybe someone could lead me to previous discussions about how to do this. Thanks in advance. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- "This e-mail message may contain confidential, proprietary or legally privileged information. It should not be used by anyone who is not the original intended recipient. If you have erroneously received this message, please delete it immediately and notify the sender. The recipient acknowledges that ICICI Bank or its subsidiaries and associated companies, (collectively "ICICI Group"), are unable to exercise control or ensure or guarantee the integrity of/over the contents of the information contained in e-mail transmissions and further acknowledges that any views expressed in this message are those of the individual sender and no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of ICICI Group.Before opening any attachments please check them for viruses and defects." --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
