Leandro, search the archives of this List for "JAAS". I participated in a thread about this within the last two months.

I'm not sure if I understand exactly what you want to do, but if you want to use container-managed security, I don't know of a way to have your login screen be part of Struts. As far as I know, you have to let the container process the request that results from the login screen's form submittal (I tried having an Action intercept this request and then attempt to login with the JBoss JAAS module manually but gave up when I realized problem # 2 -- below).

Another problem you are probably going to run into is that the JBoss security context is not propagated to Tomcat, and vice versa, as far as I know. So if you authenticate using JBoss JAAS, Tomcat won't know about it, and the methods such as request.isUserInRole aren't going to do you any good (although you would presumably be able to use the similar methods on EJBs, because they are running within the JBoss security context).

I found JAAS to be a nightmare, though a couple people gave me possible solutions to the problems I mentioned in the thread (one would be intercepting the login screen request and then manually logging in with both JBoss JAAS as well as Tomcat JAAS modules -- but I don't know if this has been done). I presume it's a much easier endeavor if you are just using Tomcat stand alone, but I'll let Craig address that if he wants, because I've never tried it.

Erik


Leandro Melo wrote:

Or I just extend the DatabaseServerLoginModule class and leave an empty class????

--- Leandro Melo <[EMAIL PROTECTED]> wrote:


Just complementing my question...

Would it be fair if I copy JBoss' DatabaseServerLoginModule code and place it inside an Action???

This way, I'll have an Action (for example, MyLoginAction) that does exactly what DatabaseServerLoginModule does.

--- Leandro Melo <[EMAIL PROTECTED]> wrote:


Please help me out here!
I'm very new with JAAS, so I need some help.

I got a simple login that is working fine for me, here it is:

...
<FORM action='<%= response.encodeURL("j_security_check")%>' method="get">
    <!-- these names have to be exactly like this: j_username -->
    NOME:<INPUT type="text" name="j_username" />
    <!-- has to be j_password -->
    SENHA: <INPUT type="password" name="j_password" />
    <INPUT type="submit" value="Login" />
</FORM> ...


I'm using JBoss' default stuff (LoginModule, CallbackHandler, etc...) to make it work. Here's a piece of my configuration file (for JBoss).

...
example2
{
    org.jboss.security.auth.spi.DatabaseServerLoginModule required
    dsJndiName="java:/DefaultDS"
    principalsQuery="Select Password from Principals where PrincipalID =?"
    rolesQuery="Select Role 'Roles', RoleGroup 'RoleGroups' from Roles where PrincipalID =?"
    ;
};
...


As I said, this works fine for me. I only made configuration and login.jsp, after the user submits data from login.jsp, JBoss takes care of the whole thing and already directs the user to index.jsp (in case of successful login).

NOW, I want to do the exact same thing with Struts (my environment is all set up, the only thing I didn't have was the login module, I already have everything set and working with Tiles).

The problem is that I don't know what to do, because I'll probably have to write a Servlet that handles this request, won't I???

Here's what is in my web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Restricted</web-resource-name>
        <description>Declarative security tests</description>
        <url-pattern>/jaas_tests/*</url-pattern>
        <http-method>HEAD</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>

    <auth-constraint>
        <role-name>Echo</role-name>
        <!--<role-name>Java</role-name>-->
    </auth-constraint>
    <user-data-constraint>
        <description>no description</description>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/jaas_tests/login.jsp</form-login-page>
        <form-error-page>/jaas_tests/error.jsp</form-error-page>
    </form-login-config>
</login-config>


I can start by changing the login page from login.jsp to login.do, mapping this Action, then what... ???

Thanks,
Leandro
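
An added example, not part of the original thread: the web.xml fragment posted above with two container-side settings tightened, for anyone keeping the container-managed FORM login that the reply describes. The role name and paths are the ones from the message; it assumes the container has an HTTPS connector configured.

```xml
<!-- Added example, not from the original message. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Restricted</web-resource-name>
        <description>Declarative security tests</description>
        <url-pattern>/jaas_tests/*</url-pattern>
        <!-- No <http-method> elements: the constraint then applies to every
             HTTP method, not only the five that were listed. -->
    </web-resource-collection>
    <auth-constraint>
        <role-name>Echo</role-name>
    </auth-constraint>
    <user-data-constraint>
        <description>Require TLS for the protected area</description>
        <!-- CONFIDENTIAL tells the container to require an encrypted
             connection for these URLs, so j_username and j_password
             are not sent in clear text. -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/jaas_tests/login.jsp</form-login-page>
        <form-error-page>/jaas_tests/error.jsp</form-error-page>
    </form-login-config>
</login-config>
```

In login.jsp, submitting the form with method="post" instead of "get" keeps j_password out of the request URL, and with it out of browser history and access logs.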






