Exactly. (*Chris*) On 6/29/07, wild_oscar <[EMAIL PROTECTED]> wrote:
Do you mean implementing a HttpServletRequestWrapper and overriding its isUserInRole so that it finds the user and its roles in the httpsession (where I stored the Principals)? Chris Pratt wrote: > > It uses the HttpServletRequest.isUserInRole() method. One way to populate > this is with a Filter that wraps the request with an > HttpServletRequestWrapper. > (*Chris*) > > On 6/29/07, wild_oscar <[EMAIL PROTECTED]> wrote: >> >> >> I am trying to develop my first web application. >> >> For authentication and authorization, I choose JAAS and followed this >> guide >> >> http://www.mooreds.com/jaas.html http://www.mooreds.com/jaas.html >> >> I am also using Struts as my MVC. I am having trouble implementing >> authorization, though. As far as I've learned, the application can have >> programmatic or declarative authorization. >> >> In struts, a way of programming dynamic authorization is the use of the >> <logic:present role="xxx"> tag. I was trying to test this. Unfortunately, >> it >> seems that struts can't seem to "know" my subject and principals (saved >> in >> a >> session attribute), so whatever the role I try (or user="userxx"), the >> tag >> is not displayed. >> >> Can anyone send me in the right direction regarding this? Where does >> struts >> look for the users and roles? How can I integrate JAAS with this MVC? >> >> >> -- >> View this message in context: >> http://www.nabble.com/JAAS-authorization-with-Struts-tf4000073.html#a11360901 >> Sent from the Struts - User mailing list archive at Nabble.com. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > -- View this message in context: http://www.nabble.com/JAAS-authorization-with-Struts-tf4000073.html#a11364913 Sent from the Struts - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
