So Erik, is it a common and usual approach to do login outside of Struts (ordinary JSPs), and then use Struts afterwards???


 --- Erik Weber <[EMAIL PROTECTED]> wrote:
> Leandro, search the archives of this List for "JAAS". I participated in
> a thread about this within the last two months.
>
> I'm not sure if I understand exactly what you want to do, but if you
> want to use container-managed security, I don't know of a way to have
> your login screen be part of Struts. As far as I know, you have to let
> the container process the request that results from the login screen's
> form submittal (I tried having an Action intercept this request and then
> attempt to login with the JBoss JAAS module manually but gave up when I
> realized problem # 2 -- below).
>
> Another problem you are probably going to run into is that the JBoss
> security context is not propagated to Tomcat, and vice versa, as far as
> I know. So if you authenticate using JBoss JAAS, Tomcat won't know about
> it, and the methods such as request.isUserInRole aren't going to do you
> any good (although you would presumably be able to use the similar
> methods on EJBs, because they are running within the JBoss security
> context).
>
> I found JAAS to be a nightmare, though a couple people gave me possible
> solutions to the problems I mentioned in the thread (one would be
> intercepting the login screen request and then manually logging in with
> both JBoss JAAS as well as Tomcat JAAS modules -- but I don't know if
> this has been done). I presume it's a much easier endeavor if you are
> just using Tomcat stand alone, but I'll let Craig address that if he
> wants, because I've never tried it.
>
> Erik
> 
> 
> Leandro Melo wrote:
>
> >Or I just extend the DatabaseServerLoginModule class and leave an empty class????
> >
> > --- Leandro Melo <[EMAIL PROTECTED]> wrote:
> >
> >>Just complementing my question...
> >>
> >>Would it be fair if I copy JBoss' DatabaseServerLoginModule code and place it inside an Action???
> >>
> >>This way, I'll have an Action (for example, MyLoginAction) that does exactly what DatabaseServerLoginModule does.
> >>
> >> --- Leandro Melo <[EMAIL PROTECTED]> wrote:
> >>
> >>>Please help me out here!
> >>>I'm very new with JAAS, so I need some help.
> >>>
> >>>I got a simple login that is working fine for me, here it is:
> >>>
> >>>...
> >>><FORM action='<%= response.encodeURL("j_security_check")%>'
> >>>      method="post">
> >>>       <!-- POST keeps the credentials out of the URL -->
> >>>       <!-- these names have to be like this -> j_username -->
> >>>       NOME:<INPUT type="text" name="j_username" />
> >>>
> >>>       <!-- it has to be j_password -->
> >>>       SENHA: <INPUT type="password" name="j_password" />
> >>>       <INPUT type="submit" value="Login" />
> >>></FORM>
> >>>...
> >>>
> >>>I'm using JBoss' default stuff (LoginModule, CallbackHandler, etc...) to make it work. Here's a piece of my configuration file (for JBoss).
> >>>
> >>>...
> >>>example2
> >>>{
> >>>org.jboss.security.auth.spi.DatabaseServerLoginModule required
> >>>dsJndiName="java:/DefaultDS"
> >>>principalsQuery="Select Password from Principals where PrincipalID =?"
> >>>rolesQuery="Select Role 'Roles', RoleGroup 'RoleGroups' from Roles where PrincipalID =?"
> >>>;
> >>>};
> >>>...
> >>>
> >>>As I said, this works fine for me. I only made configuration and login.jsp, after the user submits data from login.jsp, JBoss takes care of the whole thing and already directs the user to index.jsp (in case of successful login).
> >>>
> >>>NOW, I want to do the exact same thing with Struts (my environment is all set up, the only thing I didn't have was the login module, I already have everything set and working with Tiles).
> >>>
> >>>The problem is that I don't know what to do, because I'll probably have to write a Servlet that handles this request won't I???
> >>>
> >>>Here's in my web.xml
> >>>   <security-constraint>
> >>>           <web-resource-collection>
> >>>                   <web-resource-name>Restricted</web-resource-name>
> >>>                   <description>Declarative security tests</description>
> >>>                   <url-pattern>/jaas_tests/*</url-pattern>
> >>>                   <http-method>HEAD</http-method>
> >>>                   <http-method>GET</http-method>
> >>>                   <http-method>POST</http-method>
> >>>                   <http-method>PUT</http-method>
> >>>                   <http-method>DELETE</http-method>
> >>>           </web-resource-collection>
> >>>
> >>>           <auth-constraint>
> >>>                   <role-name>Echo</role-name>
> >>>                   <!--<role-name>Java</role-name>-->
> >>>           </auth-constraint>
> >>>           <user-data-constraint>
> 
=== message truncated === 
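
With container-managed security it is the web.xml constraint, not a Struts Action, that decides which requests the container answers with the login form. The following is an added example, not code from the thread: a small audit that reads a web.xml and reports what each security-constraint covers; a constraint that lists http-method elements applies only to the listed methods. The sample descriptor is constructed from the constraint quoted above, and its login-config block and /login.jsp path are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the constraint quoted in the thread. The
# thread's copy is cut off at <user-data-constraint>, so that element is left
# out; the <login-config> block and its page name are assumptions.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/jaas_tests/*</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>Echo</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
    </form-login-config>
  </login-config>
</web-app>"""

def _name(e):
    return e.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def _texts(parent, name):
    """Text of every descendant element called `name`."""
    return [(e.text or "").strip() for e in parent.iter() if _name(e) == name]

def audit_web_xml(xml_text):
    """Summarise what the container protects and how it authenticates."""
    root = ET.fromstring(xml_text)
    report = {"auth_method": (_texts(root, "auth-method") or [None])[0],
              "login_page": (_texts(root, "form-login-page") or [None])[0],
              "constraints": [], "warnings": []}
    for sc in (e for e in root.iter() if _name(e) == "security-constraint"):
        patterns, methods = _texts(sc, "url-pattern"), _texts(sc, "http-method")
        report["constraints"].append({"patterns": patterns,
                                      "roles": _texts(sc, "role-name"),
                                      "methods": methods or "ALL"})
        if methods:  # listed methods only: any other method is not role-checked
            report["warnings"].append(("methods-enumerated", patterns, methods))
    if report["constraints"] and report["auth_method"] is None:
        report["warnings"].append(("no-login-config",))
    return report
```

Removing the http-method elements makes the constraint apply to every method, which clears the `methods-enumerated` warning.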
