struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Phase Web and Multimedia" <m...@phase.ws>
Subject RE: Security Solution
Date Tue, 02 Apr 2002 20:23:35 GMT
Greetings Michael,

I don't believe it has to be struts specific. But, I have never used it
anywhere but struts. There many other features I would like to add to it.
Specifically an ldap realm for authorization and perhaps add some hooks that
will provide EJB conectivity. Do to my EJB ignorance I don't even know if it
is possible.

One thing to note. Because a webapp has limited access to the server scope
this security solution is context specific for now. This is why I want to
add some of the afformentioned hooks. I also imagine it would be possible to
store the security xml file so that it can be cross context and provide a
single security config for multiple contexts under a host.

Another thing to note is that many of the apis that are out there (ie tiles,
jsp, servlet) take advantage of the container managed security by checking
roles. These are all container specific. I've chosen to abandon all of those
niceties to gain greater flexibility in other areas. I have sacrificed the
standard convention that these mechanisms provide. I feel it is a good
decision for my niche.

I will be providing mechanisms equal to the isUserInRole(), getRemoteUser(),
and getUserPrincipal(). But these objects will be context-session specific.

My solution should be able to work as an app level link to a larger security
system that bypasses tomcat security all-together.

I have heard some speak about ejb as thought they need the container-managed
security. This might be so. I don't know. I am hoping that someone might be
able to provide that functionality.

If you would like to look at my code I am more than happy to pass it on.
But, it is narrow in scope to my application. This has become apparent to me
as I read some email regarding what I have developed. I believe the code and
concept to be a good starting point to provide a better security framework.

The strongest part of the code it the SecurityFilter and MulitpleLogin
configuration options.

Let me know,
Brandon Goodin
Phase Web and Multimedia
P (406) 862-2245
F (406) 862-0354
mail@phase.ws
http://www.phase.ws


-----Original Message-----
From: Michael Mok [mailto:michaelm@consultech.net.au]
Sent: Monday, April 01, 2002 7:11 PM
To: mail@phase.ws
Subject: RE: Security Solution


Hi Brendon

We are interested to see your alternate solution for container managed
security. Does your solution need STRUTS and will it tie in easily with
STRUTS?
Can you send us your source code?

Thanks in advance.

Michael Mok




--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message