Hi, I am trying to integrate the JAAS into my Struts application running on JBoss 3.0.7 + Tomcat. I am a newbie here, and I would appreciate your help on several questions:
1. From what I read here, I saw that I should probably use the FORM auth method, and that this page should not use any of the Struts tags. Is that right?
It is best to use the FORM authentication because you can encrypt it with SSL - otherwise your users' passwords will go over the net in plain text.
I haven't tried using Struts tags in the login form. From what Craig said late yesterday about the login form (do a search on j_security), it is best to view it as totally separate from your application - essentially part of the container.
2. In my application, the first thing a user does is pass through a registration wizard. How can I set a different set of permissions using the web.xml for the registration wizard pages and for the rest of the application, where both are handled by the Struts ActionServlet servlet?
You have action mappings for your app's modules, correct? Set up security constraints in web.xml to secure the different action mappings in different ways - i.e. wizard.do
3. Regarding JBoss + Tomcat more specifically, I don't understand what happens when a web client accesses a protected page. Does JBossSX, which implements the authentication, take over and perform the authentication? After the authentication is done, can my Struts actions invoke EJB methods freely, or should they authenticate as well?
Sorry, I don't know JBoss.
Adam
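
The web.xml setup suggested in answers 1 and 2, as an added example that is not part of the original message: a fragment that leaves the registration wizard open, requires a login for every other action mapping, and uses FORM authentication over SSL. The role name `member`, the paths `/login.jsp` and `/login-error.jsp`, and the exact `/wizard.do` mapping are assumptions.

```xml
<!-- Added example: fragment of WEB-INF/web.xml (inside <web-app>).
     Role name, page paths and /wizard.do are assumptions. -->

<!-- Registration wizard: no <auth-constraint>, so no login is required,
     but the container still forces HTTPS. Listed first in case the
     container applies the first constraint that matches. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Registration wizard</web-resource-name>
    <url-pattern>/wizard.do</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Every other action mapping: authenticated users in the assumed
     "member" role only, also over HTTPS. No <http-method> elements,
     so the constraint covers all HTTP methods. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Application actions</web-resource-name>
    <url-pattern>*.do</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>member</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- FORM login: the container serves these pages itself; the form posts
     j_username and j_password to j_security_check. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>member</role-name>
</security-role>
```

The `*.do` pattern only covers requests that go through the ActionServlet; JSPs that can be requested directly by URL need their own constraint or should live under WEB-INF.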