JAAS is not relevant if you're using container-managed security. You'll need to set up users in whatever user database your container (WebLogic in your case) provides. Struts also has nothing to do with this -- although you can use role information with tags like <logic:present> or the "roles" attribute on an <action> if you want to.
JAAS would only be relevant if you wanted to do application-managed security instead, or if you were implementing the container itself. Craig On Mon, 26 Aug 2002, Michael Lee wrote: > Date: Mon, 26 Aug 2002 12:21:12 -0400 > From: Michael Lee <[EMAIL PROTECTED]> > Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]> > To: Struts Users Mailing List <[EMAIL PROTECTED]> > Subject: j_security_check, jaas and weblogic 6.1 > > I have to do security for the company I am at. I have never used > j_security_check, jaas or weblogic 6.1 RDBMS (we have a database for > authentication/authorization). I read all through the examples on > j_security_check, jaas and WLS RDBMS out there I could get my hands on. > There seems to be no good real world examples of how to tie all these > together. The reason I'm having an issue is struts is the middle man, the > controller so he is key to it all. I know i configure j_security_check in my > web.xml to point to use form authentication, i know all about deployment > descriptor configuration for ejb, war, etc. This is not the problem. I don't > see how JAAS fits into j_security_check? I also dont see how struts fits > into it either? Do I need to also add a login.do? I need to get the locale > for the user from the database and figured I would do this at the login. > JAAS wants LoginContext.login(), most j2ee say j_security_check and struts > examples have login.do (this is the way I've typically done it). > Help! I can't find any real world examples to tie all these together! > thanks! > Mike Lee > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
