I have seen this done in webshpere 5.x application server where you can create a custom security provider that acts as a stand-in for your J2EE security provider. This custom provider can authenticate principals, groups and users in groups to any data source.
Sorry, can't speak for tomcat. Gary -------------- Original message -------------- > I haven't used container managed security very much but I think the way > you'd do that is to set up multiple security realms in Tomcat (one per > application or one per database) and then configure your security > constraints in the web.xml for each application. Your Tomcat books should > have more details on how to do that than I can provide I'm afraid... > > L. > > C.F. Scheidecker Antunes wrote: > > > Thanks Laurie! > > > > I have quite a few Struts and Tomcat books. What I wonder is exactly > > where to set up JAAS. That's because I might have more than one app in > > the same Tomcat5 server. So I wonder if for each database/application I > > could configure JAAS separately, that is can I do it only within one > > Struts apps use a separate database,tables for that specific struts > > apps? If so what is the XML config file that I should have that? My > > struts-config.xml? > > > > > > Laurie Harper wrote: > > > >> C.F. Scheidecker Antunes wrote: > >> > >>> I am learning my ways through Struts having done Servlets and JSPs > >>> before. In order to have authentication functionalities with my > >>> Servlets I used to have a user table and a roles table. Once the user > >>> logs in he/she would be authenticated with the user name, password > >>> through Tomcat as it was configured with the database information, > >>> table name, etc. > >>> > >>> I would like to do pretty much the same with Struts. I have checked > >>> the O'Reilly Struts Cookbook but, although it has great > >>> authentication tips, it does not include a recipe to have > >>> authentication with a database. Is there any article on how to > >>> perform it with Struts? Any books that you would suggest? > >>> > >>> So what I think is that I should have a model class to do this kind > >>> of authentication rather than using the XML config files. However how > >>> would I include all the roles in that class? Have a data structure > >>> like a list maybe? That way I could always check for a specific role > >>> for every JSP or action whether the user would be allowed or not. Any > >>> thoughts? > >> > >> > >> > >> You can set up container managed security in just the same was as > >> you've done previously, you don't need to do anything new or different > >> with Struts (provided container managed security gives you everything > >> you need). Once you have it setup you can tell Struts to restrict > >> access to actions based on roles through struts-config.xml. > >> > >> L. > > > -- > Laurie, Open Source advocate, Java geek and novice blogger: > http://www.holoweb.net/laurie > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] >