If you're using Spring, it's probably a great idea to use Acegi Security to handle authentication/authorization. I can't think of anything it can't do.
http://www.acegisecurity.org/ There's also Berkano which doesn't do nearly as much as Acegi but can handle most general AA problems: http://berkano.codehaus.org/ Zarar On 8/20/07, Roberto Nunnari <[EMAIL PROTECTED]> wrote: > Hi all. > > I need to implement Authentication and Authorization in > a S2 web application, and before reinventing the wheel, I'd > like to ask the list for hints and advice. > > 1) Is there built-in support in Struts2 for Authentication and > Authorization? > > 2) What are the best practices for AA in S2? > > 3) Is JAAS be a practical way in S2? > > More details: > - The application lets the users dynamically register as members > - In the application, the members can be part of one of two or three > groups (roles) > - unauthenticated users can only view some global data > - authenticated users can change some of their own data > - authenticated users can view some of other members data > - the authenticated users can add global content > - authenticated users in more privileged roles can change some global data > - authenticated users in the admin role, can do anything > > Thank you. > > -- > Robi > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
