RE: Where's the best place to do authentication
My view is that authentication is best handled totally outside of struts by the application server. The web deployment descriptor (web.xml) per the j2 spec is specifically designed to remove login mechanics from the developer. I'm running the JBoss/Tomcat at home and weblogic 5.1 at work and authentication using form based authentication works just fine. If the user can get to a page then they are already authenticated. Kurt -Original Message- From: George Henry C. Daswani [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 22, 2001 1:42 PM To: '[EMAIL PROTECTED]' Subject: RE: Where's the best place to do authentication Has anybody used JAAS and struts together? Why not use native java security? George Daswani On Tue, 22 May 2001, Gogineni, Pratima wrote: > Gregor the example application has the tag to check for logged in user in > the jsp page. > > But in addition to this - they also check if the user is logged in in each > action class. > > Another thing is the tag is not really authenticating the user but just > checkign if the user has been authenticated, so that the user cant even see > the jsp rather than find out upon performing some action in the page that he > is not authenticated. > > pratima > > -Original Message- > From: Gregor Rayman [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 22, 2001 3:59 AM > To: [EMAIL PROTECTED] > Subject: Re: Where's the best place to do authentication > > > "Jon.Ridgway" <[EMAIL PROTECTED]> writes: > > > Hi Shogo, > > > > Have a look at the 'example' webapp provided with struts, this uses a > taglib > > to check the user is logged on, I'm sure you could use/amend it to fit > your > > purpose. > > > > Jon. > > I am not very happy with taglibs checking for logged in user. Taglibs can be > used > only in JSP and JSP should implement the View part of the MVC pattern. > Authenticating users is bussiness logic and so it shoud be done somewhere in > the actions. > > -- > gR >
RE: Where's the best place to do authentication
Has anybody used JAAS and struts together? Why not use native java security? George Daswani On Tue, 22 May 2001, Gogineni, Pratima wrote: > Gregor the example application has the tag to check for logged in user in > the jsp page. > > But in addition to this - they also check if the user is logged in in each > action class. > > Another thing is the tag is not really authenticating the user but just > checkign if the user has been authenticated, so that the user cant even see > the jsp rather than find out upon performing some action in the page that he > is not authenticated. > > pratima > > -Original Message- > From: Gregor Rayman [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 22, 2001 3:59 AM > To: [EMAIL PROTECTED] > Subject: Re: Where's the best place to do authentication > > > "Jon.Ridgway" <[EMAIL PROTECTED]> writes: > > > Hi Shogo, > > > > Have a look at the 'example' webapp provided with struts, this uses a > taglib > > to check the user is logged on, I'm sure you could use/amend it to fit > your > > purpose. > > > > Jon. > > I am not very happy with taglibs checking for logged in user. Taglibs can be > used > only in JSP and JSP should implement the View part of the MVC pattern. > Authenticating users is bussiness logic and so it shoud be done somewhere in > the actions. > > -- > gR >
RE: Where's the best place to do authentication
Gregor the example application has the tag to check for logged in user in the jsp page. But in addition to this - they also check if the user is logged in in each action class. Another thing is the tag is not really authenticating the user but just checkign if the user has been authenticated, so that the user cant even see the jsp rather than find out upon performing some action in the page that he is not authenticated. pratima -Original Message- From: Gregor Rayman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 22, 2001 3:59 AM To: [EMAIL PROTECTED] Subject: Re: Where's the best place to do authentication "Jon.Ridgway" <[EMAIL PROTECTED]> writes: > Hi Shogo, > > Have a look at the 'example' webapp provided with struts, this uses a taglib > to check the user is logged on, I'm sure you could use/amend it to fit your > purpose. > > Jon. I am not very happy with taglibs checking for logged in user. Taglibs can be used only in JSP and JSP should implement the View part of the MVC pattern. Authenticating users is bussiness logic and so it shoud be done somewhere in the actions. -- gR
RE: Where's the best place to do authentication
The example application has security coded in the application itself - probably because more control was essential since they were setting the user subscription info in the session upon this action. The other option if you dont require this kind of control is to use the security provided by the appserver. Actually I have a related question - is it possible to do something upon logon - even though we use the appsever provided security. In the example application can use the appserver provided security and when the user logs in put the user info in the session? Pratima -Original Message- From: Jon.Ridgway [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 22, 2001 1:56 AM To: [EMAIL PROTECTED] Subject: RE: Where's the best place to do authentication Hi Shogo, Have a look at the 'example' webapp provided with struts, this uses a taglib to check the user is logged on, I'm sure you could use/amend it to fit your purpose. Jon. -Original Message- From: Ito, Shogo [mailto:[EMAIL PROTECTED]] Sent: 21 May 2001 20:11 To: [EMAIL PROTECTED] Subject: Where's the best place to do authentication Where would be the best place/way to authenticate every user's request? I want to avoid inserting "code to authenticate" in all of my classes which extend Action class. Should I create a class like MyAction to put this sort of code, then extends this new class? Any better way? Any suggestion greatly appreciated. Shogo
RE: Where's the best place to do authentication
Hi Shogo, Good point... Jon. -Original Message- From: Gregor Rayman [mailto:[EMAIL PROTECTED]] Sent: 22 May 2001 11:59 To: [EMAIL PROTECTED] Subject: Re: Where's the best place to do authentication "Jon.Ridgway" <[EMAIL PROTECTED]> writes: > Hi Shogo, > > Have a look at the 'example' webapp provided with struts, this uses a taglib > to check the user is logged on, I'm sure you could use/amend it to fit your > purpose. > > Jon. I am not very happy with taglibs checking for logged in user. Taglibs can be used only in JSP and JSP should implement the View part of the MVC pattern. Authenticating users is bussiness logic and so it shoud be done somewhere in the actions. -- gR
Re: Where's the best place to do authentication
"Jon.Ridgway" <[EMAIL PROTECTED]> writes: > Hi Shogo, > > Have a look at the 'example' webapp provided with struts, this uses a taglib > to check the user is logged on, I'm sure you could use/amend it to fit your > purpose. > > Jon. I am not very happy with taglibs checking for logged in user. Taglibs can be used only in JSP and JSP should implement the View part of the MVC pattern. Authenticating users is bussiness logic and so it shoud be done somewhere in the actions. -- gR
RE: Where's the best place to do authentication
Hi Shogo, Have a look at the 'example' webapp provided with struts, this uses a taglib to check the user is logged on, I'm sure you could use/amend it to fit your purpose. Jon. -Original Message- From: Ito, Shogo [mailto:[EMAIL PROTECTED]] Sent: 21 May 2001 20:11 To: [EMAIL PROTECTED] Subject: Where's the best place to do authentication Where would be the best place/way to authenticate every user's request? I want to avoid inserting "code to authenticate" in all of my classes which extend Action class. Should I create a class like MyAction to put this sort of code, then extends this new class? Any better way? Any suggestion greatly appreciated. Shogo
Re: Where's the best place to do authentication
I like using the servlet container to perform authentication. Then you can define your security rules in web.xml file. adminPages /admin/* MyAdmin Tomcat has a JDBC Realm you can use. Setting up the realm is specific to the app server you are using, but your web app is portable. David --- "Ito, Shogo" <[EMAIL PROTECTED]> wrote: > Where would be the best place/way to authenticate > every user's request? I > want to avoid inserting "code to authenticate" in > all of my classes which > extend Action class. Should I create a class like > MyAction to put this sort > of code, then extends this new class? Any better > way? > > Any suggestion greatly appreciated. > Shogo __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/
Where's the best place to do authentication
Where would be the best place/way to authenticate every user's request? I want to avoid inserting "code to authenticate" in all of my classes which extend Action class. Should I create a class like MyAction to put this sort of code, then extends this new class? Any better way? Any suggestion greatly appreciated. Shogo
