Hi all,

I think this is a generic problem rather than something Struts 2
specific.  Ideally in this situation you would want to be able to
access getRemoteUser() and isUserInRole() from the request.

One approach is to use your application server's container-managed
security, e.g. Tomcat's JAASRealm.

Alternatively, the best way I can come up with is by extending
HttpServletRequestWrapper so that you can perform a
setUserPrincipal(), setRemoteUser() (etc.) and then wrapping the
request with your HttpServletRequestWrapper inside a ServletFilter.
Here is a VERY simple example that I wrote of such a filter which sets
up a user called "test" using this idea.

<https://bmarks-portlet.svn.sourceforge.net/svnroot/bmarks-portlet/bmarks-portlet/trunk/src/main/java/uk/ac/bris/portlet/bookmarks/web/SimpleAuthFilter.java>

However, since this relies on a ServletFilter you will require a
slightly different mechanism for portlets.

Mark

On 9/17/07, Eugen Stoianovici <[EMAIL PROTECTED]> wrote:
> I would like a tutorial on integrating JAAS in Struts 2 too. Or rather
> than a tutorial, I would like to see some working code. I've done a lot
> of reading (I'm new to Java web applications, it's been only a month
> since I've started) and I have some understanding of how this should
> work, but I just can't picture it yet in a real app.
>
> I know I'm not being helpful here, sorry. But if anyone wants to write a
> tutorial on this, it would be greatly appreciated
>
> regards
> Eugen Stoianovici
>
> Muhammad Momin Rashid wrote:
> > Hello Tom,
> >
> > Thanks for your continued input.  The application isn't simple, it is
> > a J2EE application which will serve a large number of users (users
> > will be using Web Browser or Mobile Device to access the application).
> >
> > Based on the help I got on this list, I have been successful in
> > setting up JAAS and authenticating the user.
> >
> > Now I am just not sure if the user credentials are being kept.
> > Following is the code I wrote which processes the user's login.  Can
> > you see what I am missing?  I have placed the following code in the
> > execute method of my action, perhaps it isn't the right place?
> >
> > Subject subject;
> > Set principalList;
> >
> > String returnValue = SUCCESS;
> > try
> > {
> >     SecurityAssociationHandler handler = new SecurityAssociationHandler();
> >     SimplePrincipal user = new SimplePrincipal(username);
> >     handler.setSecurityInfo(user, password.toCharArray());
> >     LoginContext loginContext = new LoginContext("ContentPlatform", (CallbackHandler) handler);
> >     loginContext.login();
> >     subject = loginContext.getSubject();
> >     principalList = subject.getPrincipals();
> >     principalList.add(user);
> >
> >     System.out.println("o0o0o subject:" + subject);
> >     System.out.println("o0o0o principle:" + principalList);
> > }
> > catch (LoginException e)
> > {
> >     e.printStackTrace();
> >     returnValue = ERROR;
> > }
> >
> > return returnValue;
> >
> >
> > Regards,
> > Muhammad Momin Rashid.
> >
> > tom tom wrote:
> >> If it's a simple application, you don't need JAAS. You
> >> can do it via just session management, isn't it? You
> >> might need user, role, user-role, three tables on the
> >> database, that's it :)
> >>
> >> If you are using an application server like JBoss, the
> >> server itself has got inbuilt features, which is
> >> altogether a different discussion.
> >>
> >>
> >> If the application is simple, do not make it
> >> complicated.
> >>
> >> We use JAAS with CAS (Central Authentication Service),
> >> which provides SSO features.
> >>
> >>
> >> hope this helps
> >>
> >> --- Muhammad Momin Rashid <[EMAIL PROTECTED]> wrote:
> >>
> >>> Hello tom,
> >>>
> >>> I am building a J2EE application, that is going to
> >>> be viewed using Web Browser and Mobile Devices.
> >>>
> >>> I am trying to implement security so that only a logged-in user with
> >>> the correct role can access the different parts of the application,
> >>> e.g. a non-logged-in user can only access the public information, a
> >>> logged-in user can access his private data, and a logged-in admin user
> >>> can access the admin console.
> >>>
> >>> Regards,
> >>> Muhammad Momin Rashid.
> >>>
> >>> tom tom wrote:
> >>>> What exactly are you trying to do?
> >>>>
> >>>>
> >>>> --- Muhammad Momin Rashid <[EMAIL PROTECTED]> wrote:
> >>>>> Hello Everyone,
> >>>>>
> >>>>> I am looking for a tutorial for integrating JAAS into my Struts 2 +
> >>>>> Hibernate Application.  Can anyone point me to the right resources?
> >>>>>
> >>>>> Is JAAS the best way to go, or are there better alternatives?  If
> >>>>> anyone thinks there are better alternatives, can you provide me with
> >>>>> the links to relevant tutorials?
> >>>>>
> >>>>> Regards,
> >>>>> Muhammad Momin Rashid.
> >>>>>
> >>>>> ---------------------------------------------------------------------
> >>>>> To unsubscribe, e-mail:
> >>>>> [EMAIL PROTECTED]
> >>>>> For additional commands, e-mail:
> >>>>> [EMAIL PROTECTED]
> >>>>
> >
> >
>


-- 
"Paradoxically, the more time saving abstractions you are using the
more you actually have to know." - Simon Willison
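Added example (not Mark's SimpleAuthFilter, nor any code from this thread) of the request-wrapper approach Mark describes at the top of the thread, combined with the LoginContext call from Muhammad's action: the login helper runs the JAAS login and stores the resulting Subject in the session, and the Filter wraps each later request so that getRemoteUser(), getUserPrincipal() and isUserInRole() answer from that Subject. It assumes the javax.servlet 2.5 API, a JAAS configuration entry named "ContentPlatform" (the name used in the thread), and that the login module adds one RolePrincipal (a marker class defined here, an assumption) per role; SessionSubjectFilter, SubjectRequest and SUBJECT_KEY are names chosen for the example.

```java
// Added example, not code from the thread. Assumes javax.servlet 2.5 and a JAAS
// configuration entry "ContentPlatform"; RolePrincipal and SUBJECT_KEY are assumptions.
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

public class SessionSubjectFilter implements Filter {
    /** Session attribute holding the authenticated JAAS Subject (assumed key). */
    public static final String SUBJECT_KEY = "auth.subject";

    /** Assumed role marker: the login module adds one of these per granted role. */
    public static final class RolePrincipal implements Principal {
        private final String name;
        public RolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    /** Runs the JAAS login, answering Name/PasswordCallbacks from the form fields. */
    public static Subject login(final String username, final char[] password)
            throws LoginException {
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks)
                    throws IOException, UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(username);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password);
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
        try {
            LoginContext ctx = new LoginContext("ContentPlatform", handler);
            ctx.login();                     // throws LoginException on bad credentials
            return ctx.getSubject();
        } finally {
            Arrays.fill(password, '\0');     // do not keep the clear-text password around
        }
    }

    /** Keeps the Subject across requests; a fresh session id avoids session fixation. */
    public static void storeSubject(HttpServletRequest req, Subject subject) {
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();
        req.getSession(true).setAttribute(SUBJECT_KEY, subject);
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpSession session = http.getSession(false);
        Subject subject = session == null ? null : (Subject) session.getAttribute(SUBJECT_KEY);
        // Only wrap when a Subject exists; anonymous requests keep the container's behaviour.
        chain.doFilter(subject == null ? http : new SubjectRequest(http, subject), res);
    }

    public void init(FilterConfig cfg) { }
    public void destroy() { }

    /** Request wrapper exposing the Subject through the standard security accessors. */
    static final class SubjectRequest extends HttpServletRequestWrapper {
        private final Principal user;
        private final Set<String> roles = new HashSet<String>();
        SubjectRequest(HttpServletRequest req, Subject subject) {
            super(req);
            Principal first = null;
            for (Principal p : subject.getPrincipals()) {
                if (p instanceof RolePrincipal) roles.add(p.getName());
                else if (first == null) first = p;   // the user's identity principal
            }
            user = first;
        }
        @Override public Principal getUserPrincipal() { return user; }
        @Override public String getRemoteUser() { return user == null ? null : user.getName(); }
        @Override public boolean isUserInRole(String role) { return roles.contains(role); }
    }
}
```

The login action would call SessionSubjectFilter.login(username, password.toCharArray()) and then storeSubject(request, subject); with the filter mapped to /* in web.xml, every later request sees the identity through the standard accessors, so Struts 2's roles interceptor and JSP code need no custom plumbing. Invalidating the old session before storing the Subject is what prevents a session id fixed before login from becoming an authenticated one.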
