incredibly nice of you Mike. Thanks so much, I'll read it over the weekend and mail you next week if I have problems.
But before I start, once you understand JAAS, is it the right way to go in terms of authentication and authorisation? Is it worth the trouble I mean. thanks so much, Brian ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 04, 2003 4:00 PM Subject: RE: Authentication and Authorisation Newbie > Let me tell you.....Learning JAAS sucks. > But, now that I have spent 2 months learning it, I will tell you... > First, read the JavaWorld.com document on JBossSX and JAAS. That is a start. But there are several things that confused the heck out of me. > http://www.javaworld.com/javaworld/jw-08-2001/jw-0831-jaas.html > > If, after reading that document, you have any questions, email me. > BTW, Are you going to use the DatabaseServerLoginModule? It is very easy. > Also, email me and I will send you the files I have as an example of using DatabaseServerLoginModule > > -----Original Message----- > From: Brian McSweeney [mailto:[EMAIL PROTECTED] > Sent: Friday, April 04, 2003 4:46 PM > To: Struts Users Mailing List > Subject: Authentication and Authorisation Newbie > > > Hi all, > > I'm using JBoss and EJBs and struts as my web app. > I've got some resources that are protected and for the > moment I've written a Filter which protects them. > > However this may not be the best way to do this. I'm > vaguely aware that J2EE can use JAAS and I can have > things like roles and principles and that these can > be propogated from the servlets to methods on the > session facade and that this is probably the right > way to go. > > However the limited bit of documentation that I've > read on this seems very non-standard and confusing. > > I'd like to know people's experience with this area and > any advice if possible. > > thanks very much, > Brian > > Visit our website at http://www.ubswarburg.com > > This message contains confidential information and is intended only > for the individual named. If you are not the named addressee you > should not disseminate, distribute or copy this e-mail. Please > notify the sender immediately by e-mail if you have received this > e-mail by mistake and delete this e-mail from your system. > > E-mail transmission cannot be guaranteed to be secure or error-free > as information could be intercepted, corrupted, lost, destroyed, > arrive late or incomplete, or contain viruses. The sender therefore > does not accept liability for any errors or omissions in the contents > of this message which arise as a result of e-mail transmission. If > verification is required please request a hard-copy version. This > message is provided for informational purposes and should not be > construed as a solicitation or offer to buy or sell any securities or > related financial instruments. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]