RE: JAAS struts 2 Tutorial?

2007-09-24 Thread Fowler, Perryn

Better a late reply than none at all :)

> Is JAAS the best way to go, or are there better alternates?

'JAAS' encompasses a lot of stuff, so it depends what you are trying to
do...

Let me assume for the minute that you are talking about
login/authentication...

In this case, it depends on whether you need your user to be authenticated
to your J2EE container or not. (If, for example, you want to control
authorisation to any EJBs that you call via their deployment descriptor,
then you will need to be authenticated to the container.)

JAAS will give you this, but unfortunately will require you to write a
server-specific LoginModule for every server you need to support.

If, however, you don't need this, then something like Acegi
(http://www.acegisecurity.org/) will give you
a more portable solution.

cheers
Perryn


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







Re: JAAS struts 2 Tutorial?

2007-09-24 Thread wild_oscar

In the web app I'm currently developing (which uses JAAS authentication),
I've done the following:

1) Create an HttpServletRequestWrapper to override the isUserInRole method
2) Create an AnnotationRoles class to annotate my actions if they require
particular roles
3) Create an AnnotationRolesInterceptor (as described in this forum) to
determine if the user has the role required by the annotation

What are the advantages of using acegi over this custom implementation? And
what is the license model of acegi?





Re: JAAS struts 2 Tutorial?

2007-09-24 Thread Ian Roughley
You can find the key features of acegi here - 
http://www.acegisecurity.org/. 

I see the advantages as being able to customize the authentication and 
authorization from within the scope of the web application, and not 
external configuration via an app server.  But then, this also depends 
on the app server.


/Ian



Re: JAAS struts 2 Tutorial?

2007-09-18 Thread Mark McLaren
Hi all,

I think this is a generic problem rather than something Struts 2
specific.  Ideally in this situation you would want to be able to
access getRemoteUser() and isUserInRole() from the request.

One approach is to use your application server's container-managed
security, e.g. Tomcat JAASRealm.

Alternatively, the best way I can come up with is by extending
HttpServletRequestWrapper so that you can perform a
setUserPrincipal(), setRemoteUser() (etc.) and then wrapping the
request with your HttpServletRequestWrapper inside a ServletFilter.
Here is a VERY simple example that I wrote of such a filter which sets
up a user called test using this idea.

https://bmarks-portlet.svn.sourceforge.net/svnroot/bmarks-portlet/bmarks-portlet/trunk/src/main/java/uk/ac/bris/portlet/bookmarks/web/SimpleAuthFilter.java

However, since this relies on a ServletFilter you will require a
slightly different mechanism for portlets.

Mark


Re: JAAS struts 2 Tutorial?

2007-09-18 Thread Chris Pratt
On 9/18/07, Ian Roughley [EMAIL PROTECTED] wrote:
> By implementing the PrincipalAware interface, the Principal object will
> be injected into the action with those values from the request (the
> user, roles, etc.).  The values can be used in the action, or the
> Principal can be exposed with a setter for the actions to use.

But if you don't use Container Managed Authentication, how do you get
the Principal into the request so that PrincipalAware can inject it,
without using a ServletFilter?
  (*Chris*)




Re: JAAS struts 2 Tutorial?

2007-09-18 Thread Ian Roughley
By implementing the PrincipalAware interface, the Principal object will 
be injected into the action with those values from the request (the 
user, roles, etc.).  The values can be used in the action, or the 
Principal can be exposed with a setter for the actions to use.


/Ian



Re: JAAS struts 2 Tutorial?

2007-09-18 Thread Ian Roughley
If you are not using container managed persistence, where the 
HttpRequest values are being set in the environment, you probably don't 
want to use the Principal or PrincipalAware interface, or even to wrap 
the HttpServletRequest (this email was in response to using a servlet 
wrapper to re-implement code already present in s2).


Options I've used are creating an interceptor to access the security 
context (I've not used JAAS personally), and then create an annotation 
to signify actions/methods that need security information assigned to 
them.  The same annotation, or another, could also be used to 
declaratively configure those actions that require a specific role from 
the security context in order to be invoked.


/Ian
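
The annotation-plus-interceptor approach described in the message above, as an added example that is not code from the thread or from Struts itself. The names RequiresRole, RequiresRoleInterceptor and the "forbidden" result are hypothetical; the check relies on request.isUserInRole(), so it works with container-managed security or with a request wrapper that supplies the roles.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/** Added example: role check driven by an annotation on the action class or method. */
public class RequiresRoleInterceptor extends AbstractInterceptor {

    /** Hypothetical annotation: the caller needs at least one of the listed roles. */
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    public @interface RequiresRole {
        String[] value();
    }

    /** Hypothetical result name; map it to an "access denied" page in struts.xml. */
    public static final String FORBIDDEN = "forbidden";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        RequiresRole required = findAnnotation(invocation);
        if (required == null) {
            // Unannotated actions are treated as public in this example.
            // A deny-by-default policy would return FORBIDDEN here instead.
            return invocation.invoke();
        }
        HttpServletRequest request = ServletActionContext.getRequest();
        if (request.getUserPrincipal() == null) {
            return Action.LOGIN;              // not authenticated: send to the login result
        }
        for (String role : required.value()) {
            if (request.isUserInRole(role)) {
                return invocation.invoke();   // authorised: continue down the stack
            }
        }
        return FORBIDDEN;                     // authenticated, but lacks every listed role
    }

    /** A method-level annotation takes precedence over a class-level one. */
    static RequiresRole findAnnotation(ActionInvocation invocation) {
        Object action = invocation.getAction();
        String methodName = invocation.getProxy().getMethod();
        try {
            Method method = action.getClass().getMethod(methodName);
            RequiresRole onMethod = method.getAnnotation(RequiresRole.class);
            if (onMethod != null) {
                return onMethod;
            }
        } catch (NoSuchMethodException e) {
            // No public no-arg method of that name; fall back to the class annotation.
        }
        return action.getClass().getAnnotation(RequiresRole.class);
    }
}
```

The interceptor only takes effect for actions whose interceptor stack includes it, so it has to be declared in struts.xml and added to the stack those actions use.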



Re: JAAS struts 2 Tutorial?

2007-09-17 Thread Muhammad Momin Rashid

Hello Tom,

Thanks for your continued input.  The application isn't simple, it is a 
J2EE application which will serve a large number of users (users will be 
using Web Browser or Mobile Device to access the application).


Based on the help I got on this list, I have been successful in setting 
up JAAS and authenticating the user.


Now I am just not sure if the user credentials are being kept. 
Following is the code I wrote which processes the user's login.  Can you 
see what I am missing?  I have placed the following code in the execute 
method of my action, perhaps it isn't the right place?


    Subject subject;
    Set principalList;

    String returnValue = SUCCESS;
    try
    {
        // JBoss callback handler that supplies the username and password
        SecurityAssociationHandler handler = new SecurityAssociationHandler();
        SimplePrincipal user = new SimplePrincipal(username);
        handler.setSecurityInfo(user, password.toCharArray());
        // "ContentPlatform" is the name of the JAAS login configuration entry
        LoginContext loginContext = new LoginContext("ContentPlatform",
                (CallbackHandler) handler);

        loginContext.login();
        subject = loginContext.getSubject();
        principalList = subject.getPrincipals();
        principalList.add(user);

        System.out.println("o0o0o subject: " + subject);
        System.out.println("o0o0o principle: " + principalList);
    }
    catch (LoginException e)
    {
        e.printStackTrace();
        returnValue = ERROR;
    }

    return returnValue;


Regards,
Muhammad Momin Rashid.
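
Mark McLaren's reply in this thread suggests wrapping the request inside a ServletFilter; the example below combines that with the login step from the message above by keeping the JAAS Subject in the HTTP session, so later requests still see the user and roles. It is an added example, not code from the thread or from SimpleAuthFilter.java. The class names JaasSessionFilter, SubjectRequest and RolePrincipal, the session attribute name, and the convention that the LoginModule adds one RolePrincipal per role are assumptions.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: exposes a session-held JAAS Subject through the servlet request API. */
public class JaasSessionFilter implements Filter {

    /** Session attribute holding the authenticated Subject (name chosen for this example). */
    static final String SUBJECT_KEY = JaasSessionFilter.class.getName() + ".SUBJECT";

    /** Assumption: the configured LoginModule adds one of these per role it grants. */
    public static final class RolePrincipal implements Principal, java.io.Serializable {
        private final String name;
        public RolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    /**
     * Call from the login action: authenticates against the "ContentPlatform"
     * JAAS configuration entry and keeps the resulting Subject in the session.
     */
    public static boolean login(HttpServletRequest request, String username, char[] password) {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(username);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        try {
            LoginContext context = new LoginContext("ContentPlatform", handler);
            context.login();                   // throws LoginException on bad credentials
            HttpSession old = request.getSession(false);
            if (old != null) {
                old.invalidate();              // fresh session after login (anti-fixation)
            }
            request.getSession(true).setAttribute(SUBJECT_KEY, context.getSubject());
            return true;
        } catch (LoginException e) {
            return false;                      // caller maps this to the ERROR result
        } finally {
            Arrays.fill(password, '\0');       // do not keep the password in memory
        }
    }

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpSession session = http.getSession(false);
        Object stored = (session == null) ? null : session.getAttribute(SUBJECT_KEY);
        if (stored instanceof Subject) {
            chain.doFilter(new SubjectRequest(http, (Subject) stored), res);
        } else {
            chain.doFilter(req, res);          // anonymous request: pass through unchanged
        }
    }

    /** Answers getUserPrincipal(), getRemoteUser() and isUserInRole() from the Subject. */
    static final class SubjectRequest extends HttpServletRequestWrapper {
        private final Subject subject;

        SubjectRequest(HttpServletRequest request, Subject subject) {
            super(request);
            this.subject = subject;
        }

        @Override public Principal getUserPrincipal() {
            for (Principal p : subject.getPrincipals()) {
                if (!(p instanceof RolePrincipal)) {
                    return p;                  // first non-role principal is the user
                }
            }
            return null;
        }

        @Override public String getRemoteUser() {
            Principal user = getUserPrincipal();
            return user == null ? null : user.getName();
        }

        @Override public boolean isUserInRole(String role) {
            for (RolePrincipal r : subject.getPrincipals(RolePrincipal.class)) {
                if (r.getName().equals(role)) {
                    return true;
                }
            }
            return false;
        }
    }
}
```

Map the filter ahead of the Struts 2 filter in web.xml so that actions and interceptors receive the wrapped request.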




Re: JAAS struts 2 Tutorial?

2007-09-17 Thread Eugen Stoianovici
I would like a tutorial on integrating JAAS in Struts 2 too. Or rather 
than a tutorial, I would like to see some working code. I've done a lot 
of reading (I'm new to Java web applications, it's been only a month 
since I've started) and I have some understanding of how this should 
work, but I just can't picture it yet in a real app.

I know I'm not being helpful here, sorry. But if anyone wants to write a 
tutorial on this, it would be greatly appreciated.


regards
Eugen Stoianovici




Re: JAAS struts 2 Tutorial?

2007-09-16 Thread tom tom
If it's a simple application, you don't need JAAS. You
can do it via just session management, isn't it? You
might need user, role, user-role, three tables on the
database, that's it :)

If you are using an application server like JBoss, the
server itself has inbuilt features, which is
altogether a different discussion.

If the application is simple, do not make it
complicated.

We use JAAS with CAS central authentication service,
which provided SSO features.

Hope this helps



Re: JAAS struts 2 Tutorial?

2007-09-13 Thread Muhammad Momin Rashid

Hello tom,

I am building a J2EE application, that is going to be viewed using Web 
Browser and Mobile Devices.


I am trying to implement security so that only a logged-in user with the 
correct role can access the different parts of the application, e.g. a 
non-logged-in user can only access the public information, a logged-in 
user can access his private data, and a logged-in admin user can access 
the admin console.


Regards,
Muhammad Momin Rashid.

tom tom wrote:
> what exactly are you trying to do?





JAAS struts 2 Tutorial?

2007-09-12 Thread Muhammad Momin Rashid

Hello Everyone,

I am looking for a tutorial for integrating JAAS into my Struts 2 + 
Hibernate Application.  Can anyone point me to the right resources?


Is JAAS the best way to go, or are there better alternates?  If anyone 
thinks there are better alternates, can you provide me with the links to 
relevant tutorials?


Regards,
Muhammad Momin Rashid.





Re: JAAS struts 2 Tutorial?

2007-09-12 Thread Mark McLaren
Hi Muhammad,

With respect to JAAS integration, do you mean something like this?

http://struts.apache.org/2.x/docs/how-do-i-obtain-security-details-jaas.html

I'm new to Struts 2 but I would imagine you probably want an
interceptor of some kind (RolesInterceptor, PrincipalAware etc.) to
pass your authentication and authorization details into your Struts
Actions.

As regards Hibernate integration, I would imagine your best option
would be to inject your Hibernate Data Access Object (DAO) into your
Struts 2 application using Spring (or something like it, e.g. Guice).
If you write your application following the usual IoC best practices
you will end up with an application where it should be easy to replace
Hibernate with something else (e.g. TopLink, iBATIS, JDBC[Template]).
You should then be able to test this code away from the web and reuse
it elsewhere.

http://static.springframework.org/spring/docs/2.0.x/reference/orm.html#orm-hibernate
http://struts.apache.org/2.0.9/docs/spring-plugin.html

Alternatively here is an example of writing a Hibernate Aware Struts 2 Action.
http://www.hibernate.org/51.html

HTH

Mark



-- 
Paradoxically, the more time saving abstractions you are using the
more you actually have to know. - Simon Willison




Re: JAAS struts 2 Tutorial?

2007-09-12 Thread Muhammad Momin Rashid

Hello Mark,

Thanks for your response.

Actually I am writing a Web Application from Scratch, using Struts 2 and 
Hibernate.  I need to implement security so that only authorised users 
can access the desired pages.  The user names, passwords and their roles 
are stored in the database.


I am looking for a tutorial that can guide me through implementation of 
JAAS based security for my web application.  I am starting from scratch 
here.


Regards,
Muhammad Momin Rashid.

Mark McLaren wrote:

Hi Muhammad,

With respect to JAAS integration.  Do you mean something like this?

http://struts.apache.org/2.x/docs/how-do-i-obtain-security-details-jaas.html

I'm new to Struts 2 but I would imagine you probably want an
interceptor of some kind (RolesInterceptor, PrincipalAware etc.) to
pass your authentication and authorization details into your Struts
Actions.

As regards Hibernate integration, I would imagine your best option
would be to inject your Hibernate Data Access Object (DAO) into your
Struts 2 application using Spring (or something like it, e.g. Guice).
If you write your application following the usual IoC best practices
you will end up with an application where it should be easy to replace
Hibernate with something else (e.g. TopLink, iBATIS, JDBC[Template]).
You should then be able to test this code away from the web and reuse
it elsewhere.

http://static.springframework.org/spring/docs/2.0.x/reference/orm.html#orm-hibernate
http://struts.apache.org/2.0.9/docs/spring-plugin.html

Alternatively here is an example of writing a Hibernate Aware Struts 2 Action.
http://www.hibernate.org/51.html

HTH

Mark

On 9/12/07, Muhammad Momin Rashid [EMAIL PROTECTED] wrote:

Hello Everyone,

I am looking for a tutorial for integrating JAAS into my Struts 2 +
Hibernate Application.  Can anyone point me to the right resources?

Is JAAS the best way to go, or there are better alternates?  If anyone
thinks there are better alternates, can you provide me with the links to
relevant tutorials?

Regards,
Muhammad Momin Rashid.









Re: JAAS struts 2 Tutorial?

2007-09-12 Thread Mark McLaren
Muhammad,

Starting out from scratch should you use JAAS?  I'm not a JAAS expert
(I tend to use JASIG CAS which uses JAAS internally and
SecurityFilter) but I imagine it all depends on your circumstances.
From what I can gather if you need to reuse the exact same login
mechanism for desktop applications, command line applications,
applets, web applications and such then it is probably worth the
effort to create a JAAS LoginModule and configure your web application
to use that.  Granted JAAS is a standard mechanism but it looks like
it can be a complex mechanism at times.

If your application is only ever going to be a web application then
you are probably justified in producing a simpler homegrown solution
(at least to start with).  The example below shows one way to create a
Struts 2 login interceptor using Spring.

http://www.vitarara.org/cms/struts_2_cookbook/creating_a_login_interceptor

In the example above the actual authentication is conducted by a
Spring bean (securityManager).  Using Spring's JDBCTemplates,
LDAPTemplates, HibernateTemplate it is fairly simple to create beans
that access various datasources in various ways.

It would also be easy enough to extend the securityManager to access
role information.

Of course you can always access your JAAS login module via your Spring
bean at a later date if you so choose.


HTH

Mark


On 9/12/07, Muhammad Momin Rashid [EMAIL PROTECTED] wrote:
 Hello Mark,

 Thanks for your response.

 Actually I am writing a Web Application from Scratch, using Struts 2 and
 Hibernate.  I need to implement security so that only authorised User
 can access the desired pages.  The user names, passwords and their roles
 are stored in the database.

 I am looking for a tutorial that can guide me through implementation of
 JAAS based security for my web application.  I am starting from scratch
 here.

 Regards,
 Muhammad Momin Rashid.


-- 
Paradoxically, the more time saving abstractions you are using the
more you actually have to know. - Simon Willison
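
A sketch of the kind of login interceptor discussed in the reply above, added here as an example; it is not code from the thread or from the linked cookbook page. The `Authenticator` interface, the `auth.roles` session key, the `username`/`password` parameter names, the `forbidden` result name and wiring of the `securityManager` bean by name through the Struts 2 Spring plugin are all assumptions.

```java
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import org.apache.struts2.ServletActionContext;
import org.apache.struts2.dispatcher.SessionMap;

public class LoginInterceptor extends AbstractInterceptor {
    /** Hypothetical contract for the Spring bean; the real bean's API is not shown in the thread. */
    public interface Authenticator {
        /** Returns the user's role names, or null when the credentials do not match. */
        Set<String> authenticate(String username, String password);
    }

    private static final String ROLES_KEY = "auth.roles"; // assumed session key
    private Authenticator securityManager; // assumed to be wired by name by the Spring plugin
    private String requiredRole;           // optional <param> on the interceptor in struts.xml

    public void setSecurityManager(Authenticator a) { this.securityManager = a; }
    public void setRequiredRole(String role) { this.requiredRole = role; }

    @Override
    @SuppressWarnings({"unchecked", "rawtypes"})
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        Set<String> roles = (Set<String>) session.get(ROLES_KEY);
        if (roles == null) { // not logged in yet: accept credentials only from a POST
            HttpServletRequest request = ServletActionContext.getRequest();
            String user = request.getParameter("username");
            String pass = request.getParameter("password");
            if (!"POST".equals(request.getMethod()) || user == null || pass == null) {
                return Action.LOGIN;
            }
            roles = securityManager.authenticate(user, pass);
            if (roles == null) {
                return Action.LOGIN; // same result for unknown user and wrong password
            }
            if (session instanceof SessionMap) {
                ((SessionMap) session).invalidate(); // fresh session id after login (session fixation)
            }
            session.put(ROLES_KEY, roles);
        }
        if (requiredRole != null && !roles.contains(requiredRole)) {
            return "forbidden"; // assumed result name mapped in struts.xml
        }
        return invocation.invoke();
    }
}
```

The bean behind `Authenticator` is where the database lookup lives; it should compare the submitted password against a salted hash rather than a stored plaintext value.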




Re: JAAS struts 2 Tutorial?

2007-09-12 Thread wild_oscar

Hi Muhammad,

Try searching my messages chronologically and you'll get plenty to start
with!


Muhammad Momin Rashid-2 wrote:
 
 Hello Everyone,
 
 I am looking for a tutorial for integrating JAAS into my Struts 2 + 
 Hibernate Application.  Can anyone point me to the right resources?
 
 Is JAAS the best way to go, or there are better alternates?  If anyone 
 thinks there are better alternates, can you provide me with the links to 
 relevant tutorials?
 
 Regards,
 Muhammad Momin Rashid.
 
 
 
 
 






Re: JAAS struts 2 Tutorial?

2007-09-12 Thread tom tom
What exactly are you trying to do?


--- Muhammad Momin Rashid [EMAIL PROTECTED] wrote:

 Hello Everyone,
 
 I am looking for a tutorial for integrating JAAS
 into my Struts 2 + 
 Hibernate Application.  Can anyone point me to the
 right resources?
 
 Is JAAS the best way to go, or there are better
 alternates?  If anyone 
 thinks there are better alternates, can you provide
 me with the links to 
 relevant tutorials?
 
 Regards,
 Muhammad Momin Rashid.
 
 

 
 



  

