Re: [Xdoclet-user] Using XDoclet to switch b/w form-based authenticationand JAAS

Thu, 05 Dec 2002 10:26:28 -0800 

See my comments to your blog entry:

http://www.raibledesigns.com:80/page/rd/20021205#using_jaas_and_making_it



Matt Raible wrote:
Hello All,

I'm in the midst of writing a chapter on Security in Web Applications for an upcoming Wrox book. I want to include a demonstration of using JAAS in my sample app, as well as using form-based authentication. Would it be possible to do the following with Ant and XDoclet?

* Use Ant and a task that runs if ${enable.jaas} is true
* This task (i.e. jaas) will add a JAAS policy file to the webapp, maybe in the WEB-INF/classes directory so it's in the classpath
* The jaas task will do some token replacement in login.jsp to change the form's action from j_security_check to something else. Ideally, I wouldn't have to do this.
* The webdoclet task with not merge the web-security.xml file into web.xml
* The ActionFilter, which I currently use to retrieve the user's information, will call the authenticate method and route appropriately if JAAS is enabled.

One thing I really like about form-based authentication (besides the ease of setup and no required programming) is that it allows users to bookmark pages in your app. When they select that bookmark again after logging out, they are prompted for a login and routed to the bookmark upon successful authentication. I hope JAAS can do this too.

Please respond to this list or comment on my weblog:

http://www.raibledesigns.com/page/rd/20021205#using_jaas_and_making_it

Thanks,

Matt



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Xdoclet-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/xdoclet-user




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Xdoclet-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/xdoclet-user

Reply via email to