Max, I love what you are doing. I apologize that i jumped to conclusions and provided bad direction. My bad. I am swapping out my code for yours. Thanks for the great job.
Brandon Goodin Phase Web and Multimedia P(406)862-2245 F(406)862-0354 http://www.phase.ws -----Original Message----- From: Max Cooper [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 2:08 PM To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: Re: Container-managed authentication not possible Brandon, SecurityFilter *does* implement isUserInRole(), getUserPrincipal(), and getRemoteUser(). By "mimics" I mean that your app (or Tiles and Struts) will not be able to distinguish between SecurityFilter and Container Managed Security. It behaves the same, and it looks the same to the code running on top of it. One of the major design goals of the project is to allow you to switch between container-managed and filter-based security without changing your application's code. SecurityFilter also shares the same configuration syntax and features, except that you put the info in a securityfilter-config.xml file rather than web.xml. -Max ----- Original Message ----- From: "Brandon Goodin" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, August 21, 2002 12:52 PM Subject: RE: Container-managed authentication not possible > That is a cool project. But, it only "mimics". It has the same terminology > associated with it. But it is NOT container managed security. Nor does it > integrate (at this point) with many projects that use the container based > security check methods like isUserInRole(). so, for example if you are using > role checking with tiles it will not be able to locate the role and user > information generated by SecurityFilter because it does not use container > managed security. I wrote a SecurityFilter that interacts with an action to > take advantage of container based security. It allows for auto-login, login > from any page, and url based security. But the code is not very clean and is > Tomcat specific. I am waiting for the ServletSpec to come up to par. > Meanwhile my "SecurityFilter" is working and using container based security > and I would rather stay tied to container managed security with all it's > inflexibilities because it allows me to abstract my security from my app. > > Just my rambling thoughts, > Brandon Goodin > Phase Web and Multimedia > P(406)862-2245 > F(406)862-0354 > http://www.phase.ws > > -----Original Message----- > From: Todd G. Nist [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, August 21, 2002 2:46 PM > To: 'Struts Users Mailing List' > Subject: RE: Container-managed authentication not possible > > > You may want to take a look at the SecurityFilter project on SourceForge.net > by Max Cooper. Summary form site: > > "SecurityFilter is a Java Servlet Filter that mimics the behavior and > configuration format of container managed security, with several > development and deployment advantages." > > See the Home Page http://securityfilter.sourceforge.net at for more > details. > > Regards, > > Todd G. Nist > > > -----Original Message----- > From: Brandon Goodin [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, August 21, 2002 2:48 PM > To: Struts Users Mailing List > Subject: RE: Container-managed authentication not possible > > > You can implement container managed security in web.xml only if it has been > setup within the server.xml under your host settings. > > Brandon Goodin > Phase Web and Multimedia > P(406)862-2245 > F(406)862-0354 > http://www.phase.ws > > -----Original Message----- > From: Elderclei R Reami [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, August 21, 2002 3:44 PM > To: [EMAIL PROTECTED] > Subject: Container-managed authentication not possible > > > Hi Friends, > > It's been a month developing in struts, and the party's been pretty good. > I'm just finishing my first application > (30 jsps, actions, and so on), and now I'm including some security in it. > > I'm in trouble regarding authentication, because my client's ISP does not > let me change server.xml configs, > probably because they use virtual hosting. My question is: is it possible to > configure container-managed > authentication using the web.xml? Or must I implement my own authentication? > > Cheers, > Elderclei R Reami > Vertis Tecnologia > +55 11 3887-0835 > www.vertisnet.com.br > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>