What if we didn't want to use this and wanted to use Weblogic (or the system) container security. I just want something to load the currently logged in user to the session and set the local to the user's locale (pulled from database). thanks, Mike
----- Original Message ----- From: "Darren Hill" <[EMAIL PROTECTED]> To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]> Sent: Tuesday, September 10, 2002 12:43 PM Subject: RE: RE: Security and Struts > Nice .. thanks Todd. > > Anyone ever use this with Struts? > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: September 10, 2002 12:41 PM > To: Struts Users Mailing List > Subject: Re: RE: Security and Struts > > > Darren, > > Have you looked at the SecurityFilter project by Max Cooper? Not sure what > all you need to achieve but this project provides a fairly extensible > Security module. You can find it at: > http://securityfilter.sourceforge.net/ > > Regards, > Todd G. Nist > > > > From: Darren Hill <[EMAIL PROTECTED]> > > Date: 2002/09/10 Tue PM 12:23:53 EDT > > To: 'Struts Users Mailing List' <[EMAIL PROTECTED]> > > Subject: RE: Security and Struts > > > > Michael ... I've tried the same and thought it was a little messy. > > > > I was hope to find an example to uses roles 'n' such. > > > > -----Original Message----- > > From: Michael Lee [mailto:[EMAIL PROTECTED]] > > Sent: September 10, 2002 11:13 AM > > To: Struts Users Mailing List > > Subject: Re: Security and Struts > > > > > > They have a good login example in the example war in the struts/webapps > dir. > > That's the way I've done it in the past. The way I'm currently doing it is > > to use container managed security. This means NOT using struts for > > authorization/authentication (for J2EE security). Since your using JSP > your > > probably gonna do form base authentication so just post your form to > > action="j_security_check" and make sure your form username and password > > fields are j_username and j_password appropriately. Check your container > > documentation for how to hook this into its security model. > > I'm currently actually having a problem with this in that I need for the > > user information to be stored in the session at login. I may just put a > tag > > at the top of every page but that seems to get rid of the 'niceties' of > > using J2EE security. I want to set the locale based upon the loaded user > > object. Problem is, it goes right to the requested jsp page after login > > without loading the user and his preferences. Not sure how I'm going to > > handle this but in the mean time, that is how I handle security. > > Mike > > > > > > ----- Original Message ----- > > From: "Darren Hill" <[EMAIL PROTECTED]> > > To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]> > > Sent: Tuesday, September 10, 2002 10:24 AM > > Subject: Security and Struts > > > > > > > Hey all, > > > > > > I'm looking for a job document and example about best practices in > > > implementing security in struts. > > > I've got the general idea about placing all my JSP's under WEB-INF, but > a > > > doc/example might really solidify it for me. Thanks in advance. > > > > > > Darren. > > > > > > -- > > > To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > > > > > -- > > To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
