Wendy, Sounds like you're re-inventing SecurityFilter. :) (Yes, I've read their code)
Regards, David -----Original Message----- From: Wendy Smoak [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 10, 2005 10:46 AM To: Struts Users Mailing List Subject: Re: Last question on JAAS I promise From: "Mark Benussi" <[EMAIL PROTECTED]> > The end result with my JAAS implementation was that I successfully got the > JAAS code invoked from tomcat via the LoginContext, however I had to, > excuse > my language, bastardise my app to place the Subject in the session after > authentication, and then override the Struts RequestProcessor to override > the processRoles method to lookup my Subject from the session and validate > against that. I have *not* been following along, so this may be way off, but... are you wrapping the request? I haven't looked, but surely the RequestProcessor is calling 'request.isUserInRole(...)' to make its decisions. If so, wrapping the request and overriding 'isUserInRole' might be better than messing with the RequestProcessor. Here's an example... http://wiki.wsmoak.net/cgi-bin/wiki.pl?TomcatRequestWrapper HTH, -- Wendy Smoak --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
