SV: Login with authentication from database
Hi Also you might want to look at SecurityFilter (http://securityfilter.sourceforge.net/). It is an easy to use implementation of the mentioned below (JDBCReal, JAAS). Hermod -Opprinnelig melding- Fra: Bill Schneider [mailto:[EMAIL PROTECTED] Sendt: 8. august 2005 15:05 Til: user@struts.apache.org Emne: Re: Login with authentication from database If you're specifically interested in authentication from a database (tables for users, roles and mappings), and using Tomcat, the JDBCRealm is the way to go: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html#JDBCRea lm You might not need to learn about JAAS if all you want is simple form-based username/password authentication. -- Bill >> If your using Tomcat 5.5.x, then this may help: >> >> http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html#JAASRea lm >> >> >> >> /robert >> >> Laurie Harper wrote: >> >>> I haven't used container managed security very much but I think the >>> way you'd do that is to set up multiple security realms in Tomcat >>> (one per application or one per database) and then configure your >>> security constraints in the web.xml for each application. Your Tomcat >>> books should have more details on how to do that than I can provide >>> I'm afraid... >>> >>> L. >>> -- Bill Schneider Chief Architect Vecna Technologies 5004 Lehigh Rd. College Park, MD 20740 [EMAIL PROTECTED] t: 301-864-7253 x1140 f: 301-699-3180 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * This email with attachments is solely for the use of the individual or entity to whom it is addressed. Please also be aware that the DnB NOR Group cannot accept any payment orders or other legally binding correspondence with customers as a part of an email. This email message has been virus checked by the virus programs used in the DnB NOR Group. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Login with authentication from database
If you're specifically interested in authentication from a database (tables for users, roles and mappings), and using Tomcat, the JDBCRealm is the way to go: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html#JDBCRealm You might not need to learn about JAAS if all you want is simple form-based username/password authentication. -- Bill If your using Tomcat 5.5.x, then this may help: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html#JAASRealm /robert Laurie Harper wrote: I haven't used container managed security very much but I think the way you'd do that is to set up multiple security realms in Tomcat (one per application or one per database) and then configure your security constraints in the web.xml for each application. Your Tomcat books should have more details on how to do that than I can provide I'm afraid... L. -- Bill Schneider Chief Architect Vecna Technologies 5004 Lehigh Rd. College Park, MD 20740 [EMAIL PROTECTED] t: 301-864-7253 x1140 f: 301-699-3180 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Login with authentication from database
If your using Tomcat 5.5.x, then this may help: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html#JAASRealm /robert Laurie Harper wrote: I haven't used container managed security very much but I think the way you'd do that is to set up multiple security realms in Tomcat (one per application or one per database) and then configure your security constraints in the web.xml for each application. Your Tomcat books should have more details on how to do that than I can provide I'm afraid... L. C.F. Scheidecker Antunes wrote: Thanks Laurie! I have quite a few Struts and Tomcat books. What I wonder is exactly where to set up JAAS. That's because I might have more than one app in the same Tomcat5 server. So I wonder if for each database/application I could configure JAAS separately, that is can I do it only within one Struts apps use a separate database,tables for that specific struts apps? If so what is the XML config file that I should have that? My struts-config.xml? Laurie Harper wrote: C.F. Scheidecker Antunes wrote: I am learning my ways through Struts having done Servlets and JSPs before. In order to have authentication functionalities with my Servlets I used to have a user table and a roles table. Once the user logs in he/she would be authenticated with the user name, password through Tomcat as it was configured with the database information, table name, etc. I would like to do pretty much the same with Struts. I have checked the O'Reilly Struts Cookbook but, although it has great authentication tips, it does not include a recipe to have authentication with a database. Is there any article on how to perform it with Struts? Any books that you would suggest? So what I think is that I should have a model class to do this kind of authentication rather than using the XML config files. However how would I include all the roles in that class? Have a data structure like a list maybe? That way I could always check for a specific role for every JSP or action whether the user would be allowed or not. Any thoughts? You can set up container managed security in just the same was as you've done previously, you don't need to do anything new or different with Struts (provided container managed security gives you everything you need). Once you have it setup you can tell Struts to restrict access to actions based on roles through struts-config.xml. L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Login with authentication from database
If you need more information about JAAS, I found this : Using JAAS with Struts - A simple guide to get it up and running http://www.jroller.com/page/tomdz/20041215 and this Struts, JAAS, Tomcat: getting acquainted http://technology.amis.nl/blog/index.php?p=259 extremely helpful. However, using JAAS in an rented/shared hosting environment can be difficult. Therefore I chose a custom authentication method. I have been overriding Requestprocessor#processRoles. That allows me, to use the roles attribute in struts-config.xml, just as I would do with the JAAS config ... rgds albi -Original Message- From: C.F. Scheidecker Antunes [mailto:[EMAIL PROTECTED] Sent: Monday, August 08, 2005 12:32 AM To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: Re: Login with authentication from database Thanks Laurie! I have quite a few Struts and Tomcat books. What I wonder is exactly where to set up JAAS. That's because I might have more than one app in the same Tomcat5 server. So I wonder if for each database/application I could configure JAAS separately, that is can I do it only within one Struts apps use a separate database,tables for that specific struts apps? If so what is the XML config file that I should have that? My struts-config.xml? Laurie Harper wrote: > C.F. Scheidecker Antunes wrote: > >> I am learning my ways through Struts having done Servlets and JSPs >> before. In order to have authentication functionalities with my >> Servlets I used to have a user table and a roles table. Once the user >> logs in he/she would be authenticated with the user name, password >> through Tomcat as it was configured with the database information, >> table name, etc. >> >> I would like to do pretty much the same with Struts. I have checked >> the O'Reilly Struts Cookbook but, although it has great >> authentication tips, it does not include a recipe to have >> authentication with a database. Is there any article on how to >> perform it with Struts? Any books that you would suggest? >> >> So what I think is that I should have a model class to do this kind >> of authentication rather than using the XML config files. However how >> would I include all the roles in that class? Have a data structure >> like a list maybe? That way I could always check for a specific role >> for every JSP or action whether the user would be allowed or not. Any >> thoughts? > > > You can set up container managed security in just the same was as > you've done previously, you don't need to do anything new or different > with Struts (provided container managed security gives you everything > you need). Once you have it setup you can tell Struts to restrict > access to actions based on roles through struts-config.xml. > > L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Login with authentication from database
I have seen this done in webshpere 5.x application server where you can create a custom security provider that acts as a stand-in for your J2EE security provider. This custom provider can authenticate principals, groups and users in groups to any data source. Sorry, can't speak for tomcat. Gary -- Original message -- > I haven't used container managed security very much but I think the way > you'd do that is to set up multiple security realms in Tomcat (one per > application or one per database) and then configure your security > constraints in the web.xml for each application. Your Tomcat books should > have more details on how to do that than I can provide I'm afraid... > > L. > > C.F. Scheidecker Antunes wrote: > > > Thanks Laurie! > > > > I have quite a few Struts and Tomcat books. What I wonder is exactly > > where to set up JAAS. That's because I might have more than one app in > > the same Tomcat5 server. So I wonder if for each database/application I > > could configure JAAS separately, that is can I do it only within one > > Struts apps use a separate database,tables for that specific struts > > apps? If so what is the XML config file that I should have that? My > > struts-config.xml? > > > > > > Laurie Harper wrote: > > > >> C.F. Scheidecker Antunes wrote: > >> > >>> I am learning my ways through Struts having done Servlets and JSPs > >>> before. In order to have authentication functionalities with my > >>> Servlets I used to have a user table and a roles table. Once the user > >>> logs in he/she would be authenticated with the user name, password > >>> through Tomcat as it was configured with the database information, > >>> table name, etc. > >>> > >>> I would like to do pretty much the same with Struts. I have checked > >>> the O'Reilly Struts Cookbook but, although it has great > >>> authentication tips, it does not include a recipe to have > >>> authentication with a database. Is there any article on how to > >>> perform it with Struts? Any books that you would suggest? > >>> > >>> So what I think is that I should have a model class to do this kind > >>> of authentication rather than using the XML config files. However how > >>> would I include all the roles in that class? Have a data structure > >>> like a list maybe? That way I could always check for a specific role > >>> for every JSP or action whether the user would be allowed or not. Any > >>> thoughts? > >> > >> > >> > >> You can set up container managed security in just the same was as > >> you've done previously, you don't need to do anything new or different > >> with Struts (provided container managed security gives you everything > >> you need). Once you have it setup you can tell Struts to restrict > >> access to actions based on roles through struts-config.xml. > >> > >> L. > > > -- > Laurie, Open Source advocate, Java geek and novice blogger: > http://www.holoweb.net/laurie > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] >
Re: Login with authentication from database
I haven't used container managed security very much but I think the way you'd do that is to set up multiple security realms in Tomcat (one per application or one per database) and then configure your security constraints in the web.xml for each application. Your Tomcat books should have more details on how to do that than I can provide I'm afraid... L. C.F. Scheidecker Antunes wrote: Thanks Laurie! I have quite a few Struts and Tomcat books. What I wonder is exactly where to set up JAAS. That's because I might have more than one app in the same Tomcat5 server. So I wonder if for each database/application I could configure JAAS separately, that is can I do it only within one Struts apps use a separate database,tables for that specific struts apps? If so what is the XML config file that I should have that? My struts-config.xml? Laurie Harper wrote: C.F. Scheidecker Antunes wrote: I am learning my ways through Struts having done Servlets and JSPs before. In order to have authentication functionalities with my Servlets I used to have a user table and a roles table. Once the user logs in he/she would be authenticated with the user name, password through Tomcat as it was configured with the database information, table name, etc. I would like to do pretty much the same with Struts. I have checked the O'Reilly Struts Cookbook but, although it has great authentication tips, it does not include a recipe to have authentication with a database. Is there any article on how to perform it with Struts? Any books that you would suggest? So what I think is that I should have a model class to do this kind of authentication rather than using the XML config files. However how would I include all the roles in that class? Have a data structure like a list maybe? That way I could always check for a specific role for every JSP or action whether the user would be allowed or not. Any thoughts? You can set up container managed security in just the same was as you've done previously, you don't need to do anything new or different with Struts (provided container managed security gives you everything you need). Once you have it setup you can tell Struts to restrict access to actions based on roles through struts-config.xml. L. -- Laurie, Open Source advocate, Java geek and novice blogger: http://www.holoweb.net/laurie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Login with authentication from database
Thanks Laurie! I have quite a few Struts and Tomcat books. What I wonder is exactly where to set up JAAS. That's because I might have more than one app in the same Tomcat5 server. So I wonder if for each database/application I could configure JAAS separately, that is can I do it only within one Struts apps use a separate database,tables for that specific struts apps? If so what is the XML config file that I should have that? My struts-config.xml? Laurie Harper wrote: C.F. Scheidecker Antunes wrote: I am learning my ways through Struts having done Servlets and JSPs before. In order to have authentication functionalities with my Servlets I used to have a user table and a roles table. Once the user logs in he/she would be authenticated with the user name, password through Tomcat as it was configured with the database information, table name, etc. I would like to do pretty much the same with Struts. I have checked the O'Reilly Struts Cookbook but, although it has great authentication tips, it does not include a recipe to have authentication with a database. Is there any article on how to perform it with Struts? Any books that you would suggest? So what I think is that I should have a model class to do this kind of authentication rather than using the XML config files. However how would I include all the roles in that class? Have a data structure like a list maybe? That way I could always check for a specific role for every JSP or action whether the user would be allowed or not. Any thoughts? You can set up container managed security in just the same was as you've done previously, you don't need to do anything new or different with Struts (provided container managed security gives you everything you need). Once you have it setup you can tell Struts to restrict access to actions based on roles through struts-config.xml. L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Login with authentication from database
C.F. Scheidecker Antunes wrote: I am learning my ways through Struts having done Servlets and JSPs before. In order to have authentication functionalities with my Servlets I used to have a user table and a roles table. Once the user logs in he/she would be authenticated with the user name, password through Tomcat as it was configured with the database information, table name, etc. I would like to do pretty much the same with Struts. I have checked the O'Reilly Struts Cookbook but, although it has great authentication tips, it does not include a recipe to have authentication with a database. Is there any article on how to perform it with Struts? Any books that you would suggest? So what I think is that I should have a model class to do this kind of authentication rather than using the XML config files. However how would I include all the roles in that class? Have a data structure like a list maybe? That way I could always check for a specific role for every JSP or action whether the user would be allowed or not. Any thoughts? You can set up container managed security in just the same was as you've done previously, you don't need to do anything new or different with Struts (provided container managed security gives you everything you need). Once you have it setup you can tell Struts to restrict access to actions based on roles through struts-config.xml. L. -- Laurie, Open Source advocate, Java geek and novice blogger: http://www.holoweb.net/laurie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Login with authentication from database
Hi, look in the documention of your Web Container how to configure JAAS. Most of the container, such as Jetty, come with a JDBC JAAS Login module ready to use. Cheers, Daniel On 7 Aug 2005, at 22:53, C.F. Scheidecker Antunes wrote: Hello all, I am learning my ways through Struts having done Servlets and JSPs before. In order to have authentication functionalities with my Servlets I used to have a user table and a roles table. Once the user logs in he/she would be authenticated with the user name, password through Tomcat as it was configured with the database information, table name, etc. I would like to do pretty much the same with Struts. I have checked the O'Reilly Struts Cookbook but, although it has great authentication tips, it does not include a recipe to have authentication with a database. Is there any article on how to perform it with Struts? Any books that you would suggest? So what I think is that I should have a model class to do this kind of authentication rather than using the XML config files. However how would I include all the roles in that class? Have a data structure like a list maybe? That way I could always check for a specific role for every JSP or action whether the user would be allowed or not. Any thoughts? Thanks in advance, C.F. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Login with authentication from database
Hello all, I am learning my ways through Struts having done Servlets and JSPs before. In order to have authentication functionalities with my Servlets I used to have a user table and a roles table. Once the user logs in he/she would be authenticated with the user name, password through Tomcat as it was configured with the database information, table name, etc. I would like to do pretty much the same with Struts. I have checked the O'Reilly Struts Cookbook but, although it has great authentication tips, it does not include a recipe to have authentication with a database. Is there any article on how to perform it with Struts? Any books that you would suggest? So what I think is that I should have a model class to do this kind of authentication rather than using the XML config files. However how would I include all the roles in that class? Have a data structure like a list maybe? That way I could always check for a specific role for every JSP or action whether the user would be allowed or not. Any thoughts? Thanks in advance, C.F. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]