If your using Tomcat 5.5.x, then this may help:
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html#JAASRealm
/robert
Laurie Harper wrote:
I haven't used container managed security very much but I think the way
you'd do that is to set up multiple security realms in Tomcat (one per
application or one per database) and then configure your security
constraints in the web.xml for each application. Your Tomcat books
should have more details on how to do that than I can provide I'm afraid...
L.
C.F. Scheidecker Antunes wrote:
Thanks Laurie!
I have quite a few Struts and Tomcat books. What I wonder is exactly
where to set up JAAS. That's because I might have more than one app in
the same Tomcat5 server. So I wonder if for each database/application
I could configure JAAS separately, that is can I do it only within one
Struts apps use a separate database,tables for that specific struts
apps? If so what is the XML config file that I should have that? My
struts-config.xml?
Laurie Harper wrote:
C.F. Scheidecker Antunes wrote:
I am learning my ways through Struts having done Servlets and JSPs
before. In order to have authentication functionalities with my
Servlets I used to have a user table and a roles table. Once the
user logs in he/she would be authenticated with the user name,
password through Tomcat as it was configured with the database
information, table name, etc.
I would like to do pretty much the same with Struts. I have checked
the O'Reilly Struts Cookbook but, although it has great
authentication tips, it does not include a recipe to have
authentication with a database. Is there any article on how to
perform it with Struts? Any books that you would suggest?
So what I think is that I should have a model class to do this kind
of authentication rather than using the XML config files. However
how would I include all the roles in that class? Have a data
structure like a list maybe? That way I could always check for a
specific role for every JSP or action whether the user would be
allowed or not. Any thoughts?
You can set up container managed security in just the same was as
you've done previously, you don't need to do anything new or
different with Struts (provided container managed security gives you
everything you need). Once you have it setup you can tell Struts to
restrict access to actions based on roles through struts-config.xml.
L.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]