Muhammad,

Starting out from scratch should you use JAAS? I'm not a JAAS expert (I tend to use JASIG CAS which uses JAAS internally and SecurityFilter) but I imagine it all depends on your circumstances.

From what I can gather if you need to reuse the exact same login mechanism for desktop applications, command line applications, applets, web applications and such then it is probably worth the effort to create a JAAS LoginModule and configure your web application to use that. Granted JAAS is a standard mechanism but it looks like it can be a complex mechanism at times.

If your application is only ever going to be a web application then you are probably justified in producing a simpler homegrown solution (at least to start with). The example below shows one way to create a Struts 2 login interceptor using Spring.

<http://www.vitarara.org/cms/struts_2_cookbook/creating_a_login_interceptor>

In the example above the actual authentication is conducted by a Spring bean ("securityManager"). Using Spring's JDBCTemplates, LDAPTemplates, HibernateTemplate it is fairly simple to create beans that access various datasources in various ways. It would also be easy enough to extend the securityManager to access role information. Of course you can always access your JAAS login module via your Spring bean at a later date if you so choose.

HTH

Mark

On 9/12/07, Muhammad Momin Rashid <[EMAIL PROTECTED]> wrote:
> Hello Mark,
>
> Thanks for your response.
>
> Actually I am writing a Web Application from Scratch, using Struts 2 and
> Hibernate. I need to implement security so that only authorised User
> can access the desired pages. The user names, passwords and their roles
> are stored in the database.
>
> I am looking for a tutorial that can guide me through implementation of
> JAAS based security for my web application. I am starting from scratch
> here.
>
> Regards,
> Muhammad Momin Rashid.
>

--
"Paradoxically, the more time saving abstractions you are using the more you actually have to know." - Simon Willison
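An added example of the interceptor approach discussed in the message above, extended to the role check it mentions; it is not code from the linked cookbook page or from either poster. The `UserAuthenticator` interface, the session key, the `requiredRole` parameter and the `forbidden` result name are assumptions, as is wiring the bean through the Struts 2 Spring plugin with the Servlet 3.1 API available.

```java
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/** Hypothetical contract for the Spring "securityManager" bean (an assumption, not a framework type). */
interface UserAuthenticator {
    /** Returns the user's roles from the database, or null if the credentials are rejected. */
    Set<String> authenticate(String username, String password);
}

public class LoginInterceptor extends AbstractInterceptor {
    private static final String ROLES_KEY = "app.auth.roles"; // session key, name is an assumption
    private UserAuthenticator securityManager; // injected by Spring
    private String requiredRole;               // optional <param name="requiredRole"> in struts.xml

    public void setSecurityManager(UserAuthenticator securityManager) { this.securityManager = securityManager; }
    public void setRequiredRole(String requiredRole) { this.requiredRole = requiredRole; }

    @Override
    @SuppressWarnings("unchecked")
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        Set<String> roles = (Set<String>) session.get(ROLES_KEY);

        if (roles == null) { // not logged in yet: only accept credentials sent by POST
            HttpServletRequest request = ServletActionContext.getRequest();
            String username = request.getParameter("username");
            String password = request.getParameter("password");
            if (!"POST".equals(request.getMethod()) || username == null || password == null) {
                return Action.LOGIN; // global result that renders the login form
            }
            roles = securityManager.authenticate(username, password);
            if (roles == null) {
                return Action.LOGIN; // same result for unknown user and wrong password
            }
            request.getSession(true);
            request.changeSessionId(); // Servlet 3.1+: new session id after login (session fixation)
            session.put(ROLES_KEY, roles);
        }
        // Authenticated: enforce the role configured for this interceptor stack, if any.
        if (requiredRole != null && !roles.contains(requiredRole)) {
            return "forbidden"; // hypothetical global result mapped to an HTTP 403 page
        }
        return invocation.invoke(); // continue to the next interceptor or the action
    }
}
```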