Hello,
A simple home brew approach would be to develop a custom ActionMapping and
use it. Then on every action (based on the request made) call the custom
ActionMapping and check which groups are allowed.
This way you can divide the users in groups. And in your struts-config.xml's
action mapping tag you can specify which groups it is allowed and similarly
you can check if the requested user belongs to this group.
In my opinion JAAS takes care of a lot of scenarios but it's about 80-20
factor, if you can solve 80% of your possible problems by 20% approach it
should work just fine.
Hope this helps
rajat
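
One way to wire up the group check described in the message above, as an added example that is not part of the original thread and not Struts' own code. It runs the check centrally by overriding `RequestProcessor.processRoles` rather than calling it from each Action, and it denies by default; the class names, the `groups` property, the `userGroups` session attribute and the `*` convention for public actions are all assumptions.

```java
// Added example (not from the thread). Assumes Struts 1.1 and the Servlet API on the classpath.
// Hypothetical names: GroupRequestProcessor, GroupActionMapping, the "groups" property,
// the "userGroups" session attribute (a Set of Strings stored at login), and "*" = public.
// struts-config.xml wiring (constructed):
//   <action path="/admin" type="example.AdminAction"
//           className="example.GroupRequestProcessor$GroupActionMapping">
//     <set-property property="groups" value="admin,manager"/></action>
//   <controller processorClass="example.GroupRequestProcessor"/>
package example;

import java.io.IOException;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;

public class GroupRequestProcessor extends RequestProcessor {
    /** Mapping subclass; Struts fills "groups" from the set-property element. */
    public static class GroupActionMapping extends ActionMapping {
        private String groups;
        public String getGroups() { return groups; }
        public void setGroups(String groups) { this.groups = groups; }
    }
    /** Pure decision: true only for public actions or when the user holds an allowed group. */
    static boolean isAllowed(String allowedCsv, Set<?> userGroups) {
        if (allowedCsv == null) return false;            // no groups configured: deny
        if ("*".equals(allowedCsv.trim())) return true;  // explicitly public (e.g. login)
        if (userGroups == null) return false;            // not logged in: deny
        String[] allowed = allowedCsv.split(",");
        for (int i = 0; i < allowed.length; i++) {
            String g = allowed[i].trim();
            if (g.length() > 0 && userGroups.contains(g)) return true;
        }
        return false;
    }
    /** Called by Struts once per request, before the Action executes. */
    protected boolean processRoles(HttpServletRequest request, HttpServletResponse response,
                                   ActionMapping mapping) throws IOException, ServletException {
        String allowed = mapping instanceof GroupActionMapping
                ? ((GroupActionMapping) mapping).getGroups() : null;
        HttpSession session = request.getSession(false); // never create a session here
        Set<?> userGroups = session == null ? null : (Set<?>) session.getAttribute("userGroups");
        if (isAllowed(allowed, userGroups)) return true;
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;                                    // stop processing this request
    }
}
```

This guards only requests that pass through the Struts controller; JSPs reachable by direct URL need to sit under `WEB-INF` or behind a container security constraint.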

-----Original Message-----
From: Adam Lipscombe [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 16, 2004 3:39 PM
To: 'Struts Users Mailing List'
Subject: RE: Newbie: Using Struts with JAAS?

Hi Joe,


Thanks for that. I can't comment on which approach is most appropriate 'cos I
haven't used them.

Really I am looking for advice on which is the most practical "real-world"
way to enforce security in a Struts 1.1 environment. I don't need anything
fancy - just logging a user in and then preventing access to certain URLs,
based on the user's role.
I have tight deadlines and can't afford to spend heaps of time researching
and experimenting with the various security options. I need a simple example
of something that works and is robust.

In previous projects I have used home-grown security like the approach I
mentioned originally.
But having done some reading on JAAS and Tomcat security (realms) maybe
these approaches are better? I don't want to re-invent anything.



Thanks for your input....



Adam


 



-----Original Message-----
From: Joe Hertz [mailto:[EMAIL PROTECTED] 
Sent: 16 June 2004 10:22
To: 'Struts Users Mailing List'
Subject: RE: Newbie: Using Struts with JAAS?


You've got a middle case you're not mentioning.

What's wrong with container managed/declarative security (ex: A
JDBCRealm) or something a shade more robust like SecurityFilter?



> -----Original Message-----
> From: Adam Lipscombe [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 16, 2004 5:11 AM
> To: 'Struts Users Mailing List'
> Subject: Newbie: Using Struts with JAAS?
> 
> 
> Folks,
> 
> 
> I am struggling to understand how to use JAAS with Struts 1.1. I need a 
> simple-to-follow example.
> 
> 
> The requirement is for standard authentication and permission
> handling - logging a user in and checking that they have 
> permission to access an Action or URL.
> 
> Should I use JAAS or home-grown security?
> 
> If I go down the home-grown route logging in a user is no problem.
> One way that occurs to me to enforce permissions is to put a 
> check into each JSP to ensure that the user has the 
> appropriate role to view that page and redirect if not.
> 
> 
> What do people think? Is JAAS the way to go?
> If JAAS, what are the advantages in a Struts context?
> Is there a simple JAAS example somewhere that I can cut and 
> paste from?
> 
> 
> 
> TIA - Adam
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 


