By implementing the PrincipalAware interface, the Principal object will be injected into the action with those values from the request (the user, roles, etc.). The values can be used in the action, or the Principal can be exposed with a setter for the actions to use.

/Ian

Mark McLaren wrote:
Hi all,

I think this is a generic problem rather than something Struts 2
specific.  Ideally in this situation you would want to be able to
access getRemoteUser() and isUserInRole() from the request.

One approach is to use your application server's container managed
security, e.g. Tomcat JAASRealm.

Alternatively, the best way I can come up with is by extending
HttpServletRequestWrapper so that you can perform a
setUserPrincipal(), setRemoteUser() (etc.) and then wrapping the
request with your HttpServletRequestWrapper inside a ServletFilter.
Here is a VERY simple example that I wrote of such a filter which sets
up a user called "test" using this idea.

<https://bmarks-portlet.svn.sourceforge.net/svnroot/bmarks-portlet/bmarks-portlet/trunk/src/main/java/uk/ac/bris/portlet/bookmarks/web/SimpleAuthFilter.java>

However, since this relies on a ServletFilter you will require a
slightly different mechanism for portlets.

Mark

On 9/17/07, Eugen Stoianovici <[EMAIL PROTECTED]> wrote:
I would like a tutorial on integrating JAAS in Struts 2 too. Or rather
than a tutorial, I would like to see some working code. I've done a lot
of reading (I'm new to Java web applications, it's been only a month
since I've started) and I have some understanding on how this should
work but I just can't picture it yet in a real app.

I know I'm not being helpful here, sorry. But if anyone wants to write a
tutorial on this, it would be greatly appreciated.

regards
Eugen Stoianovici

Muhammad Momin Rashid wrote:
Hello Tom,

Thanks for your continued input.  The application isn't simple, it is
a J2EE application which will serve a large number of users (users
will be using Web Browser or Mobile Device to access the application).

Based on the help I got on this list, I have been successful in
setting up JAAS and authenticating the user.

Now I am just not sure if the user credentials are being kept.
Following is the code I wrote which processes the user's login.  Can
you see what I am missing?  I have placed the following code in the
execute method of my action, perhaps it isn't the right place?

Subject subject;
Set principalList;

String returnValue = SUCCESS;
try
{
    SecurityAssociationHandler handler = new SecurityAssociationHandler();
    SimplePrincipal user = new SimplePrincipal(username);
    handler.setSecurityInfo(user, password.toCharArray());
    LoginContext loginContext = new LoginContext("ContentPlatform", (CallbackHandler) handler);
    loginContext.login();
    subject = loginContext.getSubject();
    principalList = subject.getPrincipals();
    principalList.add(user);

    System.out.println("o0o0o subject:" + subject);
    System.out.println("o0o0o principle:" + principalList);
}
catch (LoginException e)
{
    e.printStackTrace();
    returnValue = ERROR;
}

return returnValue;


Regards,
Muhammad Momin Rashid.

tom tom wrote:
If it's simple application, you don't need JAAS, You
can do it via just session management isn't it? You
might need user, role, user-role three tables on
database that's it :)

If you are using Application server like JBoss, the
server itself got inbuilt features, which is
altogether a different discussion.

If the application is simple, do not make it
complicated,

we use JAAS with CAS central authentication service
which provided SSO features.

hope this helps

--- Muhammad Momin Rashid <[EMAIL PROTECTED]> wrote:

Hello tom,

I am building a J2EE application, that is going to
be viewed using Web Browser and Mobile Devices.

I am trying to implement security so that only a
logged in user with the correct role can access the different parts
of the application e.g. a non-logged in user can only access the public
information, a logged in user can access his private data, and a
logged in admin user can access the admin console.

Regards,
Muhammad Momin Rashid.

tom tom wrote:
What exactly are you trying to do?


--- Muhammad Momin Rashid <[EMAIL PROTECTED]> wrote:
Hello Everyone,

I am looking for a tutorial for integrating JAAS
into my Struts 2 + Hibernate Application.  Can anyone point me to
the right resources?

Is JAAS the best way to go, or there are better
alternates?  If anyone thinks there are better alternates, can you
provide me with the links to relevant tutorials?

Regards,
Muhammad Momin Rashid.



---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]


