Hello Tom,
Thanks for your continued input. The application isn't simple, it is a
J2EE application which will serve a large number of users (users will be
using Web Browser or Mobile Device to access the application).
Based on the help I got on this list, I have been successful in setting
up JAAS and authenticating the user.
Now I am just not sure if the user credentials are being kept.
Following is the code I wrote which processes the user's login. Can you
see what I am missing? I have placed the following code in the execute
method of my action, perhaps it isn't the right place?
Subject subject;
Set principalList;
String returnValue = SUCCESS;
try
{
SecurityAssociationHandler handler = new SecurityAssociationHandler();
SimplePrincipal user = new SimplePrincipal(username);
handler.setSecurityInfo(user, password.toCharArray());
LoginContext loginContext = new LoginContext("ContentPlatform",
(CallbackHandler) handler);
loginContext.login();
subject = loginContext.getSubject();
principalList = subject.getPrincipals();
principalList.add(user);
System.out.println("o0o0o subject:"
+ subject);
System.out.println("o0o0o principle:"
+ principalList);
}
catch (LoginException e)
{
e.printStackTrace();
returnValue = ERROR;
}
return returnValue;
Regards,
Muhammad Momin Rashid.
tom tom wrote:
If it's simple application, you dont need JAAS, You
can do it via just session management isnt it? You
might need user, role, user-role threee tables on
database
thats it :)
If you are using Application server like Jboss, the
server itself got inbuilt features, which is
altogether a different discussion.
If the application is simple, do not make it
complicated,
we use JASS with CAS central authentication service
which provided SSO features.
hope this helps
--- Muhammad Momin Rashid <[EMAIL PROTECTED]> wrote:
Hello tom,
I am building a J2EE application, that is going to
be viewed using Web
Browser and Mobile Devices.
I am trying to implement security so that only a
logged in user with the
correct role can access the different parts of the
application e.g. a
non-logged in user can only access the public
information, a logged in
user can access his private data, and an logged in
admin user can access
the admin console.
Regards,
Muhammad Momin Rashid.
tom tom wrote:
what exactly you are trying to do?
--- Muhammad Momin Rashid <[EMAIL PROTECTED]>
wrote:
Hello Everyone,
I am looking for a tutorial for integrating JAAS
into my Struts 2 +
Hibernate Application. Can anyone point me to
the
right resources?
Is JAAS the best way to go, or there are better
alternates? If anyone
thinks there are better alternates, can you
provide
me with the links to
relevant tutorials?
Regards,
Muhammad Momin Rashid.
---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
____________________________________________________________________________________
Luggage? GPS? Comic books?
Check out fitting gifts for grads at Yahoo! Search
http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz
---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
____________________________________________________________________________________
Be a better Globetrotter. Get better travel answers from someone who knows.
Yahoo! Answers - Check it out.
http://answers.yahoo.com/dir/?link=list&sid=396545469
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
