Hi Jon,
I know that WebLogic gets rid of these after authentication.
--Abraham
> -Original Message-
> From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 13, 2001 1:51 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Form-based Authentication
>
>
>
On Wed, 13 Jun 2001, Jon.Ridgway wrote:
> Hi All,
>
> Form based auth is something that I have just been looking at, so I thought
> I'd add my two pennies worth.
>
> My login form is using struts html, bean and template tags (no html:form)
> and all appears ok. My template has an adapted vers
Hi Jonathan,
Snip from
http://java.sun.com/j2ee/blueprints/packaging_deployment/descriptors/index.h
tml#1035772
'Form-based authentication is the preferred mechanism for authenticating
application users in the J2EE platformThe security-constraint element
specifies that th
ROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 13, 2001 4:51 AM
Subject: RE: Form-based Authentication
> Hi All,
>
> Form based auth is something that I have just been looking at, so I
thought
> I'd add my two pennies worth.
>
> My login form is using stru
sion, like tomcat does?
Jon.
-Original Message-
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: 13 June 2001 02:05
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Form-based Authentication
On Tue, 12 Jun 2001, Abraham Kang wrote:
> Hi Craig,
>
> Thanks for the cl
On Tue, 12 Jun 2001, Abraham Kang wrote:
> Hi Craig,
>
> Thanks for the clarification.
>
> I was wondering if you knew of any other way to do pre-processing
> before being authenticated and post-processing after authentication
> when using the form based authenticatio
,
Kurt
-Original Message-
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 12, 2001 1:59 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Form-based Authentication
On Tue, 12 Jun 2001, Abraham Kang wrote:
> RE: Form-based AuthenticationHi Jason,
&
Hi Craig,
Thanks for the clarification.
I was wondering if you knew of any other way to do pre-processing
before being authenticated and post-processing after authentication
when using the form based authentication.
Would filters work here?
Sincerely,
Abraham
> -Original Mess
essing and take
> advantage of the containers authentication realm.
>
WARNING: Although it might be supported by some containers, you are *not*
guaranteed by the servlet spec that you can portably play that sort of a
game. The spec clearly states that the form login page *must* have an
acti
Title: RE: Form-based Authentication
Hi
Jason,
I should have been clearer.
The only time that you do not want the login-form to
specify "j_security_check" as its action is when you want to do some special
preprocessing before the user is authenticated. By forwa
Title: RE: Form-based Authentication
Hi Matt and Abraham,
I would like to know why you say that you need to specify a login-form that does not have j_security-check as its action?
I am using this as the action and using Struts action classes to do the login?
-Original Message
. This servlet will do the
pre-processing and then forward the j_username and j_password to
j_security_check.
If you need post authentication routines then you will have to sniff the
session attribute that the requested URL was stored under. In WebLogic this
is "_wl_formauth_url". Whe
yes I did this. It works perfectly on tomcat also on resin. JRUN seems to
have some problems with this.
-Original Message-
From: Matt Raible [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 12, 2001 3:14 PM
To: [EMAIL PROTECTED]
Subject: Form-based Authentication
Has anyone implemented
Has anyone implemented form-based authentication and Struts as defined by
the J2EE Blueprints?
http://java.sun.com/j2ee/blueprints/packaging_deployment/descriptors/index.h
tml#1035772
If so, any lessons learned from the appserver you deployed in?
Thanks,
Matt
o:[EMAIL PROTECTED]]
> Sent: 06 June 2001 08:17
> To: [EMAIL PROTECTED]
> Subject: Form based authentication
>
>
> Hi,
>
> Has anyone used Form based authentication? How does action
> ="j_security_check" work?
>
> Thanks,
> Nagalli
>
>
Hi Pratima,
Can you switch to basic authentication?
Another alternative is to change the top frame's location with
JavaScript in the logon page.
--Abraham
> -Original Message-
> From: Gogineni, Pratima [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 08, 2001 3:45 PM
Hi,
I have a question I hoping some one might have some ideas on how to
accomplish this ...
I am using the appsever based authentication - so I have a html page that
login.html.
now my welcome page is a frame that has two jsp pages in it. unfortunately
when I logon I see the login page in both
fy a login and
error page in the web.xml.
Jon.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: 06 June 2001 08:17
To: [EMAIL PROTECTED]
Subject: Form based authentication
Hi,
Has anyone used Form based authentication? How does action
="j_security_ch
Hi,
Has anyone used Form based authentication? How does action
="j_security_check" work?
Thanks,
Nagalli
My view is that authentication is best handled totally outside of struts by
the application server. The web deployment descriptor (web.xml) per the j2
spec is specifically designed to remove login mechanics from the developer.
I'm running the JBoss/Tomcat at home and weblogic 5.1 at wor
t he
> is not authenticated.
>
> pratima
>
> -Original Message-
> From: Gregor Rayman [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 22, 2001 3:59 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Where's the best place to do authentication
>
>
> "Jon.Ridgwa
s the best place to do authentication
"Jon.Ridgway" <[EMAIL PROTECTED]> writes:
> Hi Shogo,
>
> Have a look at the 'example' webapp provided with struts, this uses a
taglib
> to check the user is logged on, I'm sure you could use/amend it to fit
your
>
Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 22, 2001 1:56 AM
To: [EMAIL PROTECTED]
Subject: RE: Where's the best place to do authentication
Hi Shogo,
Have a look at the 'example' webapp provided with struts, this uses a taglib
to check the user is logg
Hi Shogo,
Good point...
Jon.
-Original Message-
From: Gregor Rayman [mailto:[EMAIL PROTECTED]]
Sent: 22 May 2001 11:59
To: [EMAIL PROTECTED]
Subject: Re: Where's the best place to do authentication
"Jon.Ridgway" <[EMAIL PROTECTED]> writes:
> Hi Shogo,
>
&g
"Jon.Ridgway" <[EMAIL PROTECTED]> writes:
> Hi Shogo,
>
> Have a look at the 'example' webapp provided with struts, this uses a taglib
> to check the user is logged on, I'm sure you could use/amend it to fit your
> purpose.
>
> Jon.
I am not very happy with taglibs checking for logged in user. T
EMAIL PROTECTED]
Subject: Where's the best place to do authentication
Where would be the best place/way to authenticate every user's request? I
want to avoid inserting "code to authenticate" in all of my classes which
extend Action class. Should I create a class like MyAc
I like using the servlet container to perform
authentication. Then you can define your security
rules in web.xml file.
adminPages
/admin/*
MyAdmin
Tomcat has a JDBC Realm you can use. Setting up the
Where would be the best place/way to authenticate every user's request? I
want to avoid inserting "code to authenticate" in all of my classes which
extend Action class. Should I create a class like MyAction to put this sort
of code, then extends this new class? Any better way?
Any suggestion
Hi,
I know WebLogic and JRun support integration with an NT Realm. I haven't
used tomcat so I can't help you there much. I also tried looking on the
Internet but could find anything specific. You might have better luck
talking to a MS developer.
--Abraham
Title: R:Automathic user authentication
Hi,
getUserPrincipal returns null, but i can't uderstand why... my user is authenticated by NT wks!!
The spec says that
"..If the getRemoteUser returns null (which means that no user has been authenticated), the isUserInRole method w
,
chapter 12 in 2.3). This tells you how to configure your web app to require
authentication to access certain resources.
LORENA MASSIMO wrote:
> hi everibody,
>
> i'm developing for myintranet a web app based on apache/tomcat/struts.
> My users are using NT Wks on a NT D
Hi!
I`m interested also.
Wellington Silva
UN/FAO
-Original Message-
From: LORENA MASSIMO [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 14, 2001 11:24 AM
To: '[EMAIL PROTECTED]'
Subject: R:Windows NT authentication for web site.
i'm iterested too...
i'm using
i'm iterested too...
i'm using apache/tomcat/struts
Thanks
> --
> Da: Abraham Kang[SMTP:[EMAIL PROTECTED]]
> Risposta a: [EMAIL PROTECTED]
> Inviato: venerdì 11 maggio 2001 23:57
> A:[EMAIL PROTECTED]
> Oggetto: RE: Windows NT authentication
hi everibody,
i'm developing for myintranet a web app based on apache/tomcat/struts.
My users are using NT Wks on a NT Domain.
I'm trying to auto-authenticate the users using the NT Logon User.
Somebody told me to use the following jsp code
String logon_user = Request.ServerVariables("LOGON_USER
ect: Windows NT authentication for web site.
>
>
>
> For my company web site, I want to use NT user name and password for
> authentication. to get the user name and password, I want to use
> html form.
>
> Can any one help me on this. How I can implement this, any tips or samples
> codes.
>
>
> Thanks
> Sundaram.
>
>
For my company web site, I want to use NT user name and password for
authentication. to get the user name and password, I want to use html form.
Can any one help me on this. How I can implement this, any tips or samples
codes.
Thanks
Sundaram.
let spec defining how a container
should talk to the authentication realm. This was considered in the
process leading up to the 2.3 (proposed final draft) spec, but we didn't
have time to settle on a standardized interface :-(.
Thus, you are stuck having to conform to the APIs that each con
Is there a way to define the authenticating class within the WAR context? I
like the way SimpleRealm & JDBCRealm work, automatically protecting every
resource matching a regex.
However if I need a custom realm, I'd really prefer to have it be deployable
in the war (would work across servlet cont
On Fri, Mar 02, 2001 at 12:38:30PM +0100, Marcello Teodori wrote:
> I would like to use standard a Servlet 2.2 standard authentication scheme
> with struts adding a domain where to authenticate the user, has anyone
> already done this? thanx
>
It is independent from struts. With
Marcello Teodori wrote:
> I would like to use standard a Servlet 2.2 standard authentication scheme
> with struts adding a domain where to authenticate the user, has anyone
> already done this? thanx
>
There is no portable mechanism to do this -- the details of how you set up t
I would like to use standard a Servlet 2.2 standard authentication scheme
with struts adding a domain where to authenticate the user, has anyone
already done this? thanx
- Original Message -
From: "Ana Narvaez Vila" <[EMAIL PROTECTED]>
To: "Struts" <[EMAIL PR
Hi,
I am trying to do a form base authentication using Weblogic 6.0 and Struts.
However, I got the following error.
<[WebAppServletContext(82670
96,consumer)] exception raised on '/consumer/login.jsp'
javax.servlet.ServletException: runtime failure in custom tag
Title: RE: Has anyone implemented security and authentication in a Struts app?
H.
those are some very good points. The situation i am faced with now (and
have been on a couple of occasions) is porting to MVC a content management
system that is steadily growing in complexity. I have to
Title: RE: Has anyone implemented security and authentication in a Struts app?
We are in the process of writing a lightweight framework for role-based authorization because no other options have panned out. I've searched for open-source solutions, but find none. As David Geary said, it&
ovide an API to set them, but use of that API is
obviously nonportable.
The only way to ensure portability is to implement authentication from scratch,
including support for user principals and roles, if you need them. Fortunately,
it's not that difficult to do.
david
> Mihir
>
>
role based security is part of servlet 2.2 specs. So, if you are using servlet
2.2 container the application will remain portable.
Mihir
Davina and Mac wrote:
> Has anybody out there implemented a roles-based security system in a Struts
> application? If so, did you use an existing class librar
ble to write portable applications, and Struts/MVC,
> with its single point of access and clearly defined actions would be an
> ideal place to implement security...
> thoughts anyone?
Relying on container provided authentication is, by definition, nonportable. So
you are correct: It is impossibl
Has anybody out there implemented a roles-based security system in a Struts
application? If so, did you use an existing class library or write your own?
It seems to me that relying on container providers for security schemes
makes it almost impossible to write portable applications, and Struts/MVC
Ralf Utermann wrote:
> Hi all,
>
> we are just about to start a project using Struts;
> maybe I can get some hints on two things:
>
> - authentication:
> In many services here we rely on DCE for authentication.
> This is also done for Web-based cgi-apps with
>
Hi all,
we are just about to start a project using Struts;
maybe I can get some hints on two things:
- authentication:
In many services here we rely on DCE for authentication.
This is also done for Web-based cgi-apps with
Paul Henson's mod_auth_dce for Apache. Two ques
301 - 350 of 350 matches
Mail list logo