Re: JAAS struts 2 Tutorial?

You can find the key features of acegi here - http://www.acegisecurity.org/. I see the advantages as being able to customize the authentication and authorization from within the scope of the web application, and not external configuration via an app server. But then, this also depends on the

Re: JAAS struts 2 Tutorial?

In the web app I'm currently developing (which uses JAAS authentication), I've done the following: 1) Create an HttpServletRequestWrapper to override the isUserInRole method 2) Create an AnnotationRoles class to annotate my actions if they require particular roles 3) Create an AnnotationRolesInte

RE: JAAS struts 2 Tutorial?

Better a late replay than none at all :) > Is JAAS the best way to go, or there are better alternates? 'JAAS' encompasses a lot of stuff, so it depends what you are trying to do... Let me assume for the minute that you are talking about login/authentication... In this case, it depends whethe

Re: JAAS struts 2 Tutorial?

If you are not using container managed persistence, where the HttpRequest values are being set in the environment, you probably don't want to use the Principal or PrincipalAware interface, or even to wrap the HttpServletRequest (this email was in response to using a servlet wrapper to re-implem

Re: JAAS struts 2 Tutorial?

On 9/18/07, Ian Roughley <[EMAIL PROTECTED]> wrote: > By implementing the PrincipalAware interface, the Principal object will > be injected into the action with those values from the request (the > user, roles, etc.). The values can be be used in the action, or the > Principal can be exposed with

Re: JAAS struts 2 Tutorial?

By implementing the PrincipalAware interface, the Principal object will be injected into the action with those values from the request (the user, roles, etc.). The values can be be used in the action, or the Principal can be exposed with a setter for the actions to use. /Ian Mark McLaren wro

Re: JAAS struts 2 Tutorial?

Hi all, I think this is a generic problem rather than something Struts 2 specific. Ideally in this situation you would want to be able to access getRemoteUser() and isUserInRole() from the request. One approach is to use your application servers' container managed security, e.g. Tomcat JAASRealm

Re: JAAS struts 2 Tutorial?

I would like a tutorial on integrating jaas in struts2 too. Or rather than a tutorial, i would like to see some working code. I've done a lot of reading (i'm new to java web applications, it's been only a month since i've started) and i have some understanding on how this should work but i just

Re: JAAS struts 2 Tutorial?

Hello Tom, Thanks for your continued input. The application isn't simple, it is a J2EE application which will serve a large number of users (users will be using Web Browser or Mobile Device to access the application). Based on the help I got on this list, I have been successful in setting u

Re: JAAS struts 2 Tutorial?

If it's simple application, you dont need JAAS, You can do it via just session management isnt it? You might need user, role, user-role threee tables on database thats it :) If you are using Application server like Jboss, the server itself got inbuilt features, which is altogether a different di

Re: JAAS struts 2 Tutorial?

Hello tom, I am building a J2EE application, that is going to be viewed using Web Browser and Mobile Devices. I am trying to implement security so that only a logged in user with the correct role can access the different parts of the application e.g. a non-logged in user can only access the

Re: JAAS struts 2 Tutorial?

what exactly you are trying to do? --- Muhammad Momin Rashid <[EMAIL PROTECTED]> wrote: > Hello Everyone, > > I am looking for a tutorial for integrating JAAS > into my Struts 2 + > Hibernate Application. Can anyone point me to the > right resources? > > Is JAAS the best way to go, or there

Re: JAAS struts 2 Tutorial?

Hi Muhammad, Try searching my messages chronologically and you'll get plenty to start with! Muhammad Momin Rashid-2 wrote: > > Hello Everyone, > > I am looking for a tutorial for integrating JAAS into my Struts 2 + > Hibernate Application. Can anyone point me to the right resources? > > Is

Re: JAAS struts 2 Tutorial?

Muhammad, Starting out from scratch should you use JAAS? I'm not a JAAS expert (I tend to use JASIG CAS which uses JAAS internally and SecurityFilter) but I imagine it all depends on your circumstances. >From what I can gather if you need to reuse the exact same login mechanism for desktop applic

Re: JAAS struts 2 Tutorial?

Hello Mark, Thanks for your response. Actually I am writing a Web Application from Scratch, using Struts 2 and Hibernate. I need to implement security so that only authorised User can access the desired pages. The user names, passwords and their roles are stored in the database. I am look

Re: JAAS struts 2 Tutorial?

Hi Muhammad, With respect to JAAS integration. Do you mean something like this? I'm new to Struts 2 but I would imagine you probably want an interceptor of some kind (RolesInterceptor, PrincipalAware etc.) to pass yo