Re: [S2] LoginAction - Best approach feedback?

Tue, 27 Feb 2007 14:15:40 -0800 

Are you working on this "for fun" or you are really intending to do this 
on an production environment? 

If you are considering a "real world" solution, maybe it would be 
interesting to use web-container-based authorization: I use this 
throughout my intranet site and I like it very much, because I simply 
don't *NEED* to implement authorization code inside my applications 
whatsoever: just configure the web.xml defining roles and such and 
*PRESTO!*. And with JAAS you can integrate this login method with 
virtually *ANY* preexistent authentication solution.

Hope it helps...






"Paul Saumets" <[EMAIL PROTECTED]> 
27/02/2007 18:29
Please respond to
"Struts Users Mailing List" <user@struts.apache.org>


To
user@struts.apache.org
cc

Subject
[S2] LoginAction - Best approach feedback? 






 

 
      Accept        Tentative        Decline        Calendar 
 
 
      Accept        Tentative        Decline        Calendar 
 
                Hey,

Looking for feedback on best way to implement a login action mechanism 
using Struts2/Spring/JPA

Initially I had declared userName and userPassword setters inside my 
action class and proceeded to call
a validateUser method inside my userService class.

the  userService class injects a userdao object and I validate through 
calling the userdao method validate(String username, String password).

This  validate method instantiates a new UserEntity object and a query is 
performed (jpa) grabbing all entities where login = username (which  will 
be a single entity since username must be unique).

I have  this approach working. I would like to know if there is a better 
way to  do this though. Perhaps by declaring a UserEntity obj inside my 
LoginAction class and having setters called for this obj.

Then I could change my validate to pass along the new UserEntity obj via 
validate(UserEntity user).
My problem is I'm not entirely sure how I would compare against data in my 
db using JPA?

Would  your validate method then have a findAll() method and then iterate 
through the list comparing against new UserEntity obj? That make sense?

That would seem very poor though to be since a large userlist could be 
taxing to iterate over.

Any guidance or tips? :)

Thanks all!

Regards,
Paul

Reply via email to