If you need more information about JAAS, I found this : Using JAAS with Struts - A simple guide to get it up and running http://www.jroller.com/page/tomdz/20041215
and this Struts, JAAS, Tomcat: getting acquainted http://technology.amis.nl/blog/index.php?p=259 extremely helpful. However, using JAAS in an rented/shared hosting environment can be difficult. Therefore I chose a custom authentication method. I have been overriding Requestprocessor#processRoles. That allows me, to use the roles attribute in struts-config.xml, just as I would do with the JAAS config ... rgds albi -----Original Message----- From: C.F. Scheidecker Antunes [mailto:[EMAIL PROTECTED] Sent: Monday, August 08, 2005 12:32 AM To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: Re: Login with authentication from database Thanks Laurie! I have quite a few Struts and Tomcat books. What I wonder is exactly where to set up JAAS. That's because I might have more than one app in the same Tomcat5 server. So I wonder if for each database/application I could configure JAAS separately, that is can I do it only within one Struts apps use a separate database,tables for that specific struts apps? If so what is the XML config file that I should have that? My struts-config.xml? Laurie Harper wrote: > C.F. Scheidecker Antunes wrote: > >> I am learning my ways through Struts having done Servlets and JSPs >> before. In order to have authentication functionalities with my >> Servlets I used to have a user table and a roles table. Once the user >> logs in he/she would be authenticated with the user name, password >> through Tomcat as it was configured with the database information, >> table name, etc. >> >> I would like to do pretty much the same with Struts. I have checked >> the O'Reilly Struts Cookbook but, although it has great >> authentication tips, it does not include a recipe to have >> authentication with a database. Is there any article on how to >> perform it with Struts? Any books that you would suggest? >> >> So what I think is that I should have a model class to do this kind >> of authentication rather than using the XML config files. However how >> would I include all the roles in that class? Have a data structure >> like a list maybe? That way I could always check for a specific role >> for every JSP or action whether the user would be allowed or not. Any >> thoughts? > > > You can set up container managed security in just the same was as > you've done previously, you don't need to do anything new or different > with Struts (provided container managed security gives you everything > you need). Once you have it setup you can tell Struts to restrict > access to actions based on roles through struts-config.xml. > > L. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
