You don't need to learn it; it's an option.
If you need a secure system, though, you may want to use
some kind of authentication and authorization service.
You can learn just a little JAAS, which is enough to
use container-managed security, or you can write your
own security mechanism (using JAAS or not).


 --- struts Dude <[EMAIL PROTECTED]> wrote:
> Is it really necessary to learn JAAS in order to
> authenticate users
> in complex J2EE systems??
> 
> More API to learn, more complication and headache.
> I would try to get away with it if I can.
> 
> Regards
> 
> ----- Original Message ----- 
> From: "Leandro Melo" <[EMAIL PROTECTED]>
> To: "struts jakarta" <[EMAIL PROTECTED]>
> Sent: Friday, August 20, 2004 4:40 PM
> Subject: Struts login with JAAS (Part 2)
> 
> 
> > I'm back!
> > After getting some JAAS studies, I'm a little bit
> > better, so I can now formulate a better question.
> >
> > Here it is... (I know that this is not only a Struts
> > question, because it involves JAAS, but I'm pretty
> > sure that people over here could give me some advice
> > on how to handle the problem).
> >
> >
> > I got my application protected with JAAS, so users
> > cannot access any pages or servlets without a login.
> > I then built an Action to handle login stuff.
> >
> > Here's the code of my LoginAction (execute method).
> >
> > //...
> > String j_username = request.getParameter("j_username");
> > String x = request.getParameter("j_password");
> >
> > if (x != null) {
> >     j_password = x.toCharArray();
> >     handler = new UsernamePasswordHandler(j_username, j_password);
> > }
> >
> > LoginContext lc = null;
> >
> > try {
> >     // Authenticate against the "example2" policy in login-config.xml
> >     lc = new LoginContext("example2", handler);
> >     lc.login();
> >
> >     // this part doesn't matter very much
> >     Subject subject = lc.getSubject();
> >     Set principals = subject.getPrincipals();
> >     Principal user = new SimplePrincipal(j_username);
> >     principals.add(user);
> > } catch (LoginException e) {
> >     // Log the failure and rethrow with the cause attached
> >     e.printStackTrace();
> >     throw new Exception("Login failed", e);
> > }
> >
> > return mapping.findForward("index");
> >
> >
> >
> > The above code runs perfectly! It logs the user in
> > correctly and then I'm forwarded to my index page.
> > [b]But[/b], when I get to index, everything is gone!!!
> > I'm not logged in anymore. If I try to access another
> > page in my application, I'm redirected to the login.jsp
> > page again!!!
> >
> > I heard that this is because of the multi-thread
> > characteristic of the servlets, but
> >
> > How can I work around this??? How can I make this
> > maintain my login through the rest of my session???
> >
> > Here's a piece of login-config.xml
> >
> > <application-policy name="client-login">
> >   <authentication>
> >     <login-module code="org.jboss.security.ClientLoginModule"
> >                   flag="required">
> >     </login-module>
> >   </authentication>
> > </application-policy>
> >
> > <application-policy name="example2">
> >   <authentication>
> >     <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
> >                   flag="required">
> >       <!--<module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>-->
> >       <module-option name="dsJndiName">java:/DefaultDS</module-option>
> >       <module-option name="principalsQuery">Select Password from Principals where PrincipalID =?</module-option>
> >       <module-option name="rolesQuery">Select Role 'Roles', RoleGroup 'RoleGroups' from Roles where PrincipalID =?</module-option>
> >     </login-module>
> >   </authentication>
> > </application-policy>
> >
> >
> > Thanks and regards,
> > Leandro


        
        
                