RE: Where's the best place to do authentication
Hi Shogo, Have a look at the 'example' webapp provided with struts, this uses a taglib to check the user is logged on, I'm sure you could use/amend it to fit your purpose. Jon. -Original Message- From: Ito, Shogo [mailto:[EMAIL PROTECTED]] Sent: 21 May 2001 20:11 To: [EMAIL PROTECTED] Subject: Where's the best place to do authentication Where would be the best place/way to authenticate every user's request? I want to avoid inserting code to authenticate in all of my classes which extend Action class. Should I create a class like MyAction to put this sort of code, then extends this new class? Any better way? Any suggestion greatly appreciated. Shogo
Re: Where's the best place to do authentication
Jon.Ridgway [EMAIL PROTECTED] writes: Hi Shogo, Have a look at the 'example' webapp provided with struts, this uses a taglib to check the user is logged on, I'm sure you could use/amend it to fit your purpose. Jon. I am not very happy with taglibs checking for logged in user. Taglibs can be used only in JSP and JSP should implement the View part of the MVC pattern. Authenticating users is bussiness logic and so it shoud be done somewhere in the actions. -- gR
RE: Where's the best place to do authentication
Gregor the example application has the tag to check for logged in user in the jsp page. But in addition to this - they also check if the user is logged in in each action class. Another thing is the tag is not really authenticating the user but just checkign if the user has been authenticated, so that the user cant even see the jsp rather than find out upon performing some action in the page that he is not authenticated. pratima -Original Message- From: Gregor Rayman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 22, 2001 3:59 AM To: [EMAIL PROTECTED] Subject: Re: Where's the best place to do authentication Jon.Ridgway [EMAIL PROTECTED] writes: Hi Shogo, Have a look at the 'example' webapp provided with struts, this uses a taglib to check the user is logged on, I'm sure you could use/amend it to fit your purpose. Jon. I am not very happy with taglibs checking for logged in user. Taglibs can be used only in JSP and JSP should implement the View part of the MVC pattern. Authenticating users is bussiness logic and so it shoud be done somewhere in the actions. -- gR
RE: Where's the best place to do authentication
My view is that authentication is best handled totally outside of struts by the application server. The web deployment descriptor (web.xml) per the j2 spec is specifically designed to remove login mechanics from the developer. I'm running the JBoss/Tomcat at home and weblogic 5.1 at work and authentication using form based authentication works just fine. If the user can get to a page then they are already authenticated. Kurt -Original Message- From: George Henry C. Daswani [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 22, 2001 1:42 PM To: '[EMAIL PROTECTED]' Subject: RE: Where's the best place to do authentication Has anybody used JAAS and struts together? Why not use native java security? George Daswani On Tue, 22 May 2001, Gogineni, Pratima wrote: Gregor the example application has the tag to check for logged in user in the jsp page. But in addition to this - they also check if the user is logged in in each action class. Another thing is the tag is not really authenticating the user but just checkign if the user has been authenticated, so that the user cant even see the jsp rather than find out upon performing some action in the page that he is not authenticated. pratima -Original Message- From: Gregor Rayman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 22, 2001 3:59 AM To: [EMAIL PROTECTED] Subject: Re: Where's the best place to do authentication Jon.Ridgway [EMAIL PROTECTED] writes: Hi Shogo, Have a look at the 'example' webapp provided with struts, this uses a taglib to check the user is logged on, I'm sure you could use/amend it to fit your purpose. Jon. I am not very happy with taglibs checking for logged in user. Taglibs can be used only in JSP and JSP should implement the View part of the MVC pattern. Authenticating users is bussiness logic and so it shoud be done somewhere in the actions. -- gR
