Martin, did you let the shiro guys know about the problems you had building the jars? I haven't built the core package since it was still jsecurity.
I know that they've been doing lots of work on their svn repo, since they renamed the project. Les Hazlewood and the other shiro guys are extremely helpful and would probably like to know if their build is broken. Their userlist email is shiro-...@incubator.apache.org Aside from the problems associated with moving to an apache incubator project and the rename, the package is really easy to use, flexible, and powerful. Todd Kofford tkoff...@ku.edu University of Kansas - IT -----Original Message----- From: Martin Gainty [mailto:mgai...@hotmail.com] Sent: Friday, August 21, 2009 10:07 AM To: Struts Users Mailing List Subject: RE: Struts2 with Authentication & Security i had a devil of a time coaxing mvn package to build proper jars until i renamed the failing tests e.g: ren $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java.old ren $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java.old ls -al $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt 08/21/2009 09:23 AM 5,580 DefaultSessionManagerTest.java.old 08/21/2009 09:23 AM 2,411 DelegatingSessionTest.java.old 2 File(s) 7,991 bytes ren $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/.svn/text-base/DefaultSessionManagerTest.java.svn-base $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/.svn/text-base/DefaultSessionManagerTest.java.svn-base.old ren $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java.svn-base $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java.svn-base.old ls -al $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/.svn/text-base 08/21/2009 09:23 AM 5,580 DefaultSessionManagerTest.java.svn-base.o ld 08/21/2009 09:23 AM 2,411 DelegatingSessionTest.java.svn-base.old $SHIRO_HOME/trunk/core>mvn package i now have requisite plugin jars located at Directory of $SHIRO/trunk/core/target 08/21/2009 10:21 AM 1,602,462 shiro-core-1.0-incubating-SNAPSHOT-javado c.jar 08/21/2009 10:17 AM 407,412 shiro-core-1.0-incubating-SNAPSHOT-source s.jar 08/21/2009 10:17 AM 265,537 shiro-core-1.0-incubating-SNAPSHOT.jar Martin Gainty ______________________________________________ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Subject: RE: Struts2 with Authentication & Security > Date: Fri, 21 Aug 2009 08:14:25 -0500 > From: tkoff...@ku.edu > To: user@struts.apache.org > > I know that Spring Security (ACEGI) gets a lot of publicity, but there are > other alternatives out there too. > Last year I implemented a struts2 based system using Apache Shiro (formerly > jsecurity), and found it very easy to learn an implement. On their website, > http://cwiki.apache.org/SHIRO/ they have lots of documentation and examples. > > Todd Kofford > tkoff...@ku.edu > University of Kansas - IT > > "the continuum transfunctioner is a very mysterious and powerful device and > it's mystery is only exceeded by it's power" > > > > -----Original Message----- > From: Paweł Wielgus [mailto:poulw...@gmail.com] > Sent: Friday, August 21, 2009 7:10 AM > To: Struts Users Mailing List > Subject: Re: Struts2 with Authentication & Security > > Hi all, > "a few years ago" means also that this solution still works. > But from my point of view, inteceptor might be better if You are in a > situation > where You are not the only programmer > or You are laizy and have bad memory - just like me. > If so read this: > http://poulwiel.blogspot.com/2009/01/intercepting-all-actions-inside-my-app.html > > Or use Spring Security (ACEGI). > > Best greetings, > Paweł Wielgus. > > > > 2009/8/21 Lee Clemens <j...@leeclemens.net>: > > A few years ago, huh? You make it seem like such an archaic approach :) > > > > My question, I guess using a servlet/interceptor to do the same as this > > abstract class would conform more with the 'accepted' methodology? (I did > > play around with a servlet, but couldn't get it to redirect correct - I > > admit I haven't looked into Interceptors too deeply.) > > > > -----Original Message----- > > From: Wes Wannemacher [mailto:w...@wantii.com] > > Sent: Thursday, August 20, 2009 8:11 PM > > To: Struts Users Mailing List > > Subject: Re: Struts2 with Authentication & Security > > > > I used this same approach for an app I worked on a few years ago. > > There is nothing wrong, in fact its simplicity is a bit of an > > advantage. If you can fit your needs into this type of setup then you > > will probably be happy that it is so easy to follow. > > > > On 8/20/09, Lee Clemens <j...@leeclemens.net> wrote: > >> This may not be perfect, and I welcome any criticism to this approach: > >> > >> abstract class extends ActionSupport which overrides execute() to > >> authenticate requests and then return a call to abstract method, say, > >> doAction(), or error if they are not authenticated/timed out. > >> > >> Each action which needs to be protected simply extends the above abstract > >> class and implements doAction(), just as you would normally override > >> execute(). Make execute() final in the abstract class... > >> > >> Add another abstract method to get a group authentication level > > (implemented > >> by each action's class) and you have a fairly robust and straightforward > >> authentication scheme, IMHO > >> > >> With proper negative testing, you can be certain any developer didn't > > forget > >> to extend/implement the 'security' action for any given action that should > >> be restricted > >>[snip] > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > _________________________________________________________________ Hotmail® is up to 70% faster. Now good news travels really fast. http://windowslive.com/online/hotmail?ocid=PID23391::T:WLMTAGL:ON:WL:en-US:WM_HYGN_faster:082009
