Single Sign On And Spring Security
Hello, I am hoping someone can provide me with some links or examples of how to combine Struts 2 with Spring security. The end goal is to use Spring security to access a CAS server (http://www.jasig.org/cas) in order to provide single sign on ability between a Struts2 application and a Wordpress site. Thank you, Lance Hill
Re: Single Sign On And Spring Security
i believe the cool reference only roller 5 which it is not released yet F On Thu, Feb 25, 2010 at 10:11 PM, Lance Hill la...@baldhead.com wrote: Hello, I am hoping someone can provide me with some links or examples of how to combine Struts 2 with Spring security. The end goal is to use Spring security to access a CAS server (http://www.jasig.org/cas) in order to provide single sign on ability between a Struts2 application and a Wordpress site. Thank you, Lance Hill
Re: hard question - Single Sign On
David Thielen wrote: Is there anything simpler out there (I'm spolied by how easy it is in Windows)? This is for a commercial product and we want our customers to be able to install and configure it in 5 minutes (all of it, not just the security). Acegi is a pretty decent option. Spring is a great way of ding a lot of things, including the MVC side of webapps, if you're not already tied to Struts. You can use Struts with it as well and skip the Spring MVC framework. Web applications are complex things regardless of which framework you use... You have to install an app server (and possibly configure it to work with IIS, Apache, or other web server), a database (then hook the two up), security services, and whatever other third-party stuff you need to deal with. You have to configure users (or groups) and integrate that into whatever service you're currently using for security (if any). Any time there's any interop between two separate pieces of software you're looking at a potential roadblock. Fortunately most of these problems have already been solved by somebody. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: hard question - Single Sign On
They sure don't make this easy do they? This is a lot of stuff to install configure. Is there anything simpler out there (I'm spolied by how easy it is in Windows)? This is for a commercial product and we want our customers to be able to install and configure it in 5 minutes (all of it, not just the security). Thanks - dave David Thielen www.windwardreports.com 303-499-2544 -Original Message- From: Lixin Chu [mailto:[EMAIL PROTECTED] Sent: Sunday, January 22, 2006 10:18 PM To: Struts Users Mailing List Subject: Re: hard question - Single Sign On may you would like to take a look at these two: Yale's CAS : http://www.ja-sig.org/wiki/display/CAS/Home Acegi : http://acegisecurity.org/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: hard question - Single Sign On
may you would like to take a look at these two: Yale's CAS : http://www.ja-sig.org/wiki/display/CAS/Home Acegi : http://acegisecurity.org/
Re: hard question - Single Sign On
Hi bro, what is your problem? On 1/23/06, Lixin Chu [EMAIL PROTECTED] wrote: may you would like to take a look at these two: Yale's CAS : http://www.ja-sig.org/wiki/display/CAS/Home Acegi : http://acegisecurity.org/ -- = The world will be ended if love is everywhere. Shawzi
hard question - Single Sign On
In the Windows world, if a users uses IE to access an ASP website, and both are on domains and they are the same domain or there is a trust relationship between the domains, you can do the following (the joy of one company providing the entire stack): 1. You can authenticate the user which is based on who they logged in to Windows as. 2. You can handle authorization based on the groups that user is a member of. 3. You can open files as that user so all access to files is based on the user's privileges - without ever knowing the username password of the user. 4. You can access SQL Server as that user so all database access is based on that user's permissions - without ever knowing the username password of the user. What makes this such a fantastic setup is the following: 1. The user was never asked to log in to use the ASP-based portal. It knows who they are. 2. The ASP-based portal never needs to know the user's password. So there are no security issues as you are never holding storing a password. Can this be done in the J2EE world? And if so, how? 1. We want to avoid requiring the user to login to use our portal. 2. We want to get authentication authorization from the underlying O/S - so the company using this does not need to enter duplicates of all users and the groups they are in. 3. We need to access files and the databases as the user. a. We would prefer to do this without having to store the user's username password. b. If we do have to store it, what is the best way to do so? This is the one part of our portal where we are willing to write dependent code as having this be true SSO with us storing nothing is such a good thing. Suggestions ??? - thanks - dave David Thielen http://www.windwardreports.com www.windwardreports.com 303-499-2544
RE: Single sign-on
-Original Message- From: Seaman, Sloan [mailto:[EMAIL PROTECTED] Sent: 09 September 2004 13:36 To: 'Struts Users Mailing List' Subject: RE: Single sign-on We use JNDI to hit our MS Active Directory server. Works rather well :) -- [[Catching up with email]] You also might want to allow the web app client to logon to a external web server. In other words write a special Struts Action does make use of HTTP over Java Socket and interact with the web server ( aka Commons HttpClient ). I tried to suggest this idea a few years ago to a client of mine, but they went with a JavaScript malarky to interface instead to a popular reporting engine. HttpClient would have been the clean and pure Java way. Bah! -- Peter Pilgrim Operations/IT - Credit Suisse First Boston, 10 South Colonnade, London E14 4QJ, United Kingdom Tel: +44 (0)207 883 4447 == This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. == - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Single sign-on
Hi, We have lot of web application built on struts for which we need to provide single sign-on. Please advise me how to implement the same. We are using Weblogic 8.1 as the app server. Regards, KP - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Single sign-on
open source Yale CAS could be one possible choice. --- Prasad, Kamakshya [EMAIL PROTECTED] wrote: Hi, We have lot of web application built on struts for which we need to provide single sign-on. Please advise me how to implement the same. We are using Weblogic 8.1 as the app server. Regards, KP - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Single sign-on
check out the single sign on valve for your app server. might be your answer. -Original Message- From: Prasad, Kamakshya [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 3:53 AM To: Struts Users Mailing List Subject: Single sign-on Hi, We have lot of web application built on struts for which we need to provide single sign-on. Please advise me how to implement the same. We are using Weblogic 8.1 as the app server. Regards, KP - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Single sign-on
HI, Actually client wants a solution which is not dependant on application server. Is something not available in pure java. Regards, KP -Original Message- From: Fought,Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 9:22 PM To: 'Struts Users Mailing List' Subject: RE: Single sign-on check out the single sign on valve for your app server. might be your answer. -Original Message- From: Prasad, Kamakshya [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 3:53 AM To: Struts Users Mailing List Subject: Single sign-on Hi, We have lot of web application built on struts for which we need to provide single sign-on. Please advise me how to implement the same. We are using Weblogic 8.1 as the app server. Regards, KP - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Single sign-on
There are many: http://www.manageability.org/blog/stuff/single-sign-on-in-java/view .V Prasad, Kamakshya wrote: HI, Actually client wants a solution which is not dependant on application server. Is something not available in pure java. Regards, KP -Original Message- From: Fought,Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 9:22 PM To: 'Struts Users Mailing List' Subject: RE: Single sign-on check out the single sign on valve for your app server. might be your answer. -Original Message- From: Prasad, Kamakshya [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 3:53 AM To: Struts Users Mailing List Subject: Single sign-on Hi, We have lot of web application built on struts for which we need to provide single sign-on. Please advise me how to implement the same. We are using Weblogic 8.1 as the app server. Regards, KP - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Please post on Rich Internet Applications User Interface (RiA/SoA) http://www.portalvu.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Single sign-on
We use JNDI to hit our MS Active Directory server. Works rather well :) -- Sloan -Original Message- From: Prasad, Kamakshya [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 8:30 AM To: Struts Users Mailing List Subject: RE: Single sign-on HI, Actually client wants a solution which is not dependant on application server. Is something not available in pure java. Regards, KP -Original Message- From: Fought,Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 9:22 PM To: 'Struts Users Mailing List' Subject: RE: Single sign-on check out the single sign on valve for your app server. might be your answer. -Original Message- From: Prasad, Kamakshya [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 3:53 AM To: Struts Users Mailing List Subject: Single sign-on Hi, We have lot of web application built on struts for which we need to provide single sign-on. Please advise me how to implement the same. We are using Weblogic 8.1 as the app server. Regards, KP - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Re: Single sign-on
Seaman, Sloan wrote: We use JNDI to hit our MS Active Directory server. MS Active Directory is for weenies. Are you browsing with Internet Explorer too? Works rather well :) Until you get fined by the worm police. BTW, this e-mail was typed from an XP workstation. Not *my* workstation, mind you. - Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Single sign-on
On Thu, 9 Sep 2004 16:53:21 +0900, Prasad, Kamakshya [EMAIL PROTECTED] wrote: Hi, We have lot of web application built on struts for which we need to provide single sign-on. Please advise me how to implement the same. We use JCIFS from samba.org (http://jcifs.samba.org/src/docs/ntlmhttpauth.html) JCIFS contains a filter that authenticates the ruquesting user by using Microsoft's non-conformant extension to HTTP header communication. (http://jcifs.samba.org/src/docs/ntlmhttpauth.html) You just need to adjust filter parameters.. We are using Weblogic 8.1 as the app server. Regards, KP /tb. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Single sign-on
-Original Message- From: Prasad, Kamakshya [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 5:30 AM To: Struts Users Mailing List Subject: RE: Single sign-on HI, Actually client wants a solution which is not dependant on application server. Is something not available in pure java. Probably, depending on how you're doing security to begin. If you are using container managed security, then it's going to be easiest to use container single-sign on. Every container implements single-sign-on that I'm aware of, so it's not that big a deal. Regards, KP -Original Message- From: Fought,Tom [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 9:22 PM To: 'Struts Users Mailing List' Subject: RE: Single sign-on check out the single sign on valve for your app server. might be your answer. -Original Message- From: Prasad, Kamakshya [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 3:53 AM To: Struts Users Mailing List Subject: Single sign-on Hi, We have lot of web application built on struts for which we need to provide single sign-on. Please advise me how to implement the same. We are using Weblogic 8.1 as the app server. Regards, KP - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]