Re: two-step container managed authentication

2003-08-16 Thread Erik Price
Hi John, thanks for responding.

I think that what I will do (if I ever get to that stage of this 
project, right now I'm still working on domain layer), is use CMA via 
JNDI (JNDIRealm) to authenticate against LDAP.  Then, if the 
authentication proves successful, the HTTP request continues to the 
webapp where it is intercepted by a filter, which performs 
authentication against the app-specific DB (with its own username list). 
 Then, if authentication is successful, the user is logged in and goes 
wherever they were headed -- but if not, they are redirected to an 
Action where they can fill out a form to request an app-specific account.

I'll post here if I'm able to get that up and running, though again, 
right now I'm focused on another part of the code.

Erik

PS: interesting -- you got this email pretty late?



John Tangney wrote:

The way CMA works, the auth happens completely transparently. That is, auth
happens before your app even sees the HttpRequest.
If you want to do a second auth-like thing with that request, then you'd set
up an action to do so.
Note that the CMA can access the same db tables as the rest of the app,
using a JDBCRealm (rather than JNDI.) But I guess you want to maintain
separate lists of users, right?
Sorry if this is not much help. If you could explain the use case(s) a
little, maybe we can help come up with an architecture that'll do the trick.
--johnt
Strictly speaking this is OT, since CMA is not a Struts thing, but who ya
gonna ask? ;-)
in article [EMAIL PROTECTED], Erik Price at [EMAIL PROTECTED] wrote on
5/19/03 8:29 AM:

Hi,

I am soliciting advice from other struts and web developers.  I am
moving my in-progress project (JSP & servlets only) to Struts framework
after having been converted at a JUG meeting, and am planning things
out.  One of the things I would like to do is move from my current
security model (which uses a homebrewed authentication filter) to
container-managed authorization/authentication.  However, I would like
to perform two steps in the login and am not sure if this is possible
with CMA.
When a user requests a resource of the webapp, a login (form-based auth)
should be presented, and the user enters username and password.  The
authorization is performed against LDAP (partly the motivation to move
from my security filter to container-managed auth is to make JNDI/LDAP
auth easier to set up).  If the user authorizes successfully, then a
*second* step is performed -- authenticate against a local (non-LDAP)
database of registered users.  If the user's name is present in this
database, fine, log in as normal.  However, if the username is not
present in this database, then the user must be requesting an account to
use this webapp: execute the NewUserRequestAction.
This is something I can easily do with my filter, simply by implementing
the code myself.  But is it possible to do with container-managed
authorization?  Any suggestions?  BTW I would like to perform all of
this within a single HTTP request so that there is no opportunity for
the user to change the username after authorizing against LDAP but
before querying the database.
Thanks,

Erik




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
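
Erik's plan above (container-managed auth against LDAP, then a filter that checks the app-specific user list), sketched as an added example that is not code from the thread. The class name, the JNDI name `jdbc/AppDB`, the `app_users` table and the `/newUserRequest.do` path are assumptions; the username comes only from `getRemoteUser()`, so the database lookup is bound to the identity the container authenticated and cannot be changed by the client between the two steps.

```java
import java.io.IOException;
import java.sql.*;
import javax.naming.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.sql.DataSource;

// Map this filter only to URLs covered by the web.xml security-constraint,
// so the container (e.g. JNDIRealm against LDAP) has already authenticated the caller.
public class AppAccountFilter implements Filter {
    private static final String REQUEST_PATH = "/newUserRequest.do"; // hypothetical mapping of NewUserRequestAction
    private static final String VERIFIED = "appAccountVerified";     // session key, hypothetical
    private DataSource ds;

    public void init(FilterConfig cfg) throws ServletException {
        try { ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/AppDB"); } // assumed JNDI name
        catch (NamingException e) { throw new ServletException(e); }
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String user = req.getRemoteUser(); // set by the container, never read from a request parameter
        if (user == null) { res.sendError(HttpServletResponse.SC_FORBIDDEN); return; }
        HttpSession s = req.getSession();
        // Cache a successful lookup per session, keyed to the authenticated name.
        if (!user.equals(s.getAttribute(VERIFIED)) && hasAccount(user)) s.setAttribute(VERIFIED, user);
        boolean known = user.equals(s.getAttribute(VERIFIED));
        if (known || REQUEST_PATH.equals(req.getServletPath())) {
            chain.doFilter(rq, rs); // registered user, or the account-request form itself
        } else {
            res.sendRedirect(req.getContextPath() + REQUEST_PATH); // LDAP-valid but no app account
        }
    }

    private boolean hasAccount(String user) throws ServletException {
        String sql = "SELECT 1 FROM app_users WHERE username = ?"; // hypothetical table and column
        try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);
            try (ResultSet r = ps.executeQuery()) { return r.next(); }
        } catch (SQLException e) { throw new ServletException(e); }
    }

    public void destroy() { }
}
```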





Re: two-step container managed authentication

2003-08-14 Thread John Tangney
The way CMA works, the auth happens completely transparently. That is, auth
happens before your app even sees the HttpRequest.

If you want to do a second auth-like thing with that request, then you'd set
up an action to do so.

Note that the CMA can access the same db tables as the rest of the app,
using a JDBCRealm (rather than JNDI.) But I guess you want to maintain
separate lists of users, right?

Sorry if this is not much help. If you could explain the use case(s) a
little, maybe we can help come up with an architecture that'll do the trick.

--johnt
Strictly speaking this is OT, since CMA is not a Struts thing, but who ya
gonna ask? ;-)

in article [EMAIL PROTECTED], Erik Price at [EMAIL PROTECTED] wrote on
5/19/03 8:29 AM:

 Hi,
 
 I am soliciting advice from other struts and web developers.  I am
 moving my in-progress project (JSP & servlets only) to Struts framework
 after having been converted at a JUG meeting, and am planning things
 out.  One of the things I would like to do is move from my current
 security model (which uses a homebrewed authentication filter) to
 container-managed authorization/authentication.  However, I would like
 to perform two steps in the login and am not sure if this is possible
 with CMA.
 
 When a user requests a resource of the webapp, a login (form-based auth)
 should be presented, and the user enters username and password.  The
 authorization is performed against LDAP (partly the motivation to move
 from my security filter to container-managed auth is to make JNDI/LDAP
 auth easier to set up).  If the user authorizes successfully, then a
 *second* step is performed -- authenticate against a local (non-LDAP)
 database of registered users.  If the user's name is present in this
 database, fine, log in as normal.  However, if the username is not
 present in this database, then the user must be requesting an account to
 use this webapp: execute the NewUserRequestAction.
 
 This is something I can easily do with my filter, simply by implementing
 the code myself.  But is it possible to do with container-managed
 authorization?  Any suggestions?  BTW I would like to perform all of
 this within a single HTTP request so that there is no opportunity for
 the user to change the username after authorizing against LDAP but
 before querying the database.
 
 
 Thanks,
 
 Erik


