You can use the same database for CMA and user profile storage, if your container supports JAAS authentication. All you need to do is write a LoginModule (see JAAS docs on sun's site) that accesses the user profile database. When your LoginModule is accessed to login a user it will need to create a Subject that contains a single "user" Principal who's name is the id/name of the user in the database. The type of the "user" Principal must be consistent with what your container expects in order to implement the HttpServletRequest method:
getUserPrincipal() Your Subject can also contain multiple "group" principals and other arbitrary principals. You need to understand the requirements of your container in this regard, and understand JAAS authorization in general. My current project is targeted at weblogic 7, so I had to implement one of their security service provider apis in addition to the LoginModule, but it works great. When I need to access a user profile object in order to get an address, or a credit card number, or whatever...I lookup a user profile for the id returned by: request.getUserPrincipal().getName() You obviously need to fill in the gaps here. I have only provided a high level view of the solution. For example, I haven't mentioned anything about what you would use to "lookup a user profile". You would NOT use your LoginModule for this purpose. In my solution my LoginModule uses a UserProfileStore object that abstracts access to a store of user profile information. I use this same UserProfileStore from a struts action when I need to associate a UserProfile object with an HttpSession. I think this is a pretty clean solution. Hopefully I will have given you some helpful information. Good Luck, Troy On Tue, 2002-10-22 at 12:14, Adam Sherman wrote: > Taylor, Jason wrote: > > Search the mail archive for container-managed authentication (CMA). There > > was a lot of discussion on the subject a week or two ago. Craig McClanahan > > has posted some good rants on the subject... > > Good reading, thanks. > > I'm thinking that I will have to implement an application-specific user > database, and create a new entry in it for every new authenticated user > that comes down from the container. Kinda hackish, but I don't see > another way. > > That, or use SecurityFilter (http://securityfilter.sourceforge.net/), > then move to CMA if I have to. > > Thanks, > > A. > > > -- > Adam Sherman > Software Developer > Teach and Travel Inc. > +1.613.241.3103 > > > > -- > To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@;jakarta.apache.org> > For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org> > -- To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org>
