Tim,
The first problem of populating a form bean with user data can be handled by populating/creating a UserBean using techniques such as a servlet filter. Alternatively, you can extend the RequestProcessor. Other techniques that work, but are not as global in nature, are using a base action. The last technique which provides the least coverage is to use a <jsp:useBean> tag which creates/retrieves a UserBean and populates user data on the setter method for the user name.
As far as logging of failed attempts, using container-managed security, this will vary by container. Have you tried applying a filter to j_security_check? I don't know if this is allowed by the servlet spec, but it would seem to be one way you could check for successful login.
AFAIK, SecurityFilter should allow you to "roll your own" security while still permitting similar ease of configuration for authentication and authorization as container-managed security.
-Bill Siggelkow
Tim Christopher wrote:
Hi,
I've recently discovered that it is not possible to map an action to j_security_check. Given this situation how is it possible to populate a form bean with user data, or create a log of any failed login attempts (bad username / password) if the container takes control of the entire login process?
Looking back at previous posts to the newsgroup I can see that in the past people have just used plain html to produce the j_security_check form. Is it possible to do this using the <sslext:form> tag, but so that it does not require a Struts action mapping for j_security_check to be present?
I was currently intending on using JDBCRealm and the security-filter to control the site's security, though given the above problems I'm starting to think there might be a better way? Or are these problems everyone has already solved, as surely some form of login system is present in the vast majority of Struts applications.
Cheers for any help / suggestions.
Tim Christopher
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
