Hi, How are you doing? You may want to check Security Filter. It supports roles 'n' such. It is well documented and very cleanly implemented. Here is the URL: http://securityfilter.sourceforge.net/
Best regards, -Prakash ----- eBuilt, Inc. - Builders of Industrial-Strength e-Business (http://www.eBuilt.com) Learn Java! (http://www.cact.csupomona.edu/javacert.html) Learn Design Patterns! (http://www.cact.csupomona.edu/UML_Specialist.htm) Want answers to Java, OOAD, UML, Design Patterns, EJBs, JSPs, Servlets, XP, etc? (http://groups.yahoo.com/group/bartssandbox) > Michael ... I've tried the same and thought it was a little messy. > > I was hope to find an example to uses roles 'n' such. > > -----Original Message----- > From: Michael Lee [mailto:[EMAIL PROTECTED]] > Sent: September 10, 2002 11:13 AM > To: Struts Users Mailing List > Subject: Re: Security and Struts > > > They have a good login example in the example war in the > struts/webapps dir. > That's the way I've done it in the past. The way I'm > currently doing it is > to use container managed security. This means NOT using struts for > authorization/authentication (for J2EE security). Since your > using JSP your > probably gonna do form base authentication so just post your form to > action="j_security_check" and make sure your form username > and password > fields are j_username and j_password appropriately. Check > your container > documentation for how to hook this into its security model. > I'm currently actually having a problem with this in that I > need for the > user information to be stored in the session at login. I may > just put a tag > at the top of every page but that seems to get rid of the > 'niceties' of > using J2EE security. I want to set the locale based upon the > loaded user > object. Problem is, it goes right to the requested jsp page > after login > without loading the user and his preferences. Not sure how > I'm going to > handle this but in the mean time, that is how I handle security. > Mike > > > ----- Original Message ----- > From: "Darren Hill" <[EMAIL PROTECTED]> > To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]> > Sent: Tuesday, September 10, 2002 10:24 AM > Subject: Security and Struts > > > > Hey all, > > > > I'm looking for a job document and example about best practices in > > implementing security in struts. > > I've got the general idea about placing all my JSP's under > WEB-INF, but a > > doc/example might really solidify it for me. Thanks in advance. > > > > Darren. > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>