struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mete Kural <meteku...@yahoo.com>
Subject Re: Struts/Container-Managed Authentication Question
Date Fri, 19 Jul 2002 16:17:02 GMT
Hi Max,

Great that you're working on this stuff. By the way, I
had to temporarily remove the functionality of having
a login form on every page in my app, but rather one
login form on the index page which is only seen when
users first come into the page. In every other page
you have to first click on the login link and then be
directed by the container to the form. This way I
don't have the problem of users entering the site
through links on google, etc. It may not be as nice as
having a login form on every page but at least if
users are coming in through the index page they can go
through a simple one-click login process.

One question about your filter: Is it possible to
somehow tie it up to container-managed security? I
know that you provide all the methods such as
userInRole() etc. but if you're on an EJB platform the
container has to be user-aware also. Is it possible to
add a feature to your filter that makes the container
user-aware? If you would like any help to implement
something like that, I could help. I've been wanting
to do some open-source work but so far I've only been
using them. And also it would be good for my resume
since I need to find a job pretty soon.

Thanks,
Mete


--- Max Cooper <max@maxcooper.com> wrote:
> Torgeir,
> 
> Definitely. I'll be working on it next week
> (vacation, woo hoo! ;-) and hope
> to have a release version ready by the beginning of
> August. I'll post a link
> when it is ready.
> 
> I plan to release the source code, and I'd also like
> to provide a binary
> version that you can easily drop into an app to
> replace container-manager
> security (just move your security constraints out of
> web.xml and into a new
> file, and provide a very simple realm
> implementation). A nice feature of
> this approach is that you can deploy your whole app,
> including the realm
> implementation (which often depends on other parts
> of your code), as a
> single war file with no external dependencies. This
> packaging consideration
> is what drove the development intitially.
> 
> -Max
> 
> ----- Original Message -----
> From: "Struts Newsgroup"
> <@Basebeans.comstruts@basebeans.com>
> To: <struts-user@jakarta.apache.org>
> Sent: Friday, July 19, 2002 1:40 AM
> Subject: Re: Struts/Container-Managed Authentication
> Question
> 
> 
> > Subject: Re: Struts/Container-Managed
> Authentication Question
> > From: Torgeir Veimo <torgeir@pobox.com>
> >  ===
> > Max Cooper wrote:
> >
> > > If you can live with a short-term compromise of
> having a login link on
> every
> > > page rather than a login form, the first design
> I sent out should work
> for
> > > that. I have written a security filter that
> allows you to submit a login
> > > form without having been forced to the form. You
> then just configure the
> > > filter with a URL to dump users to after they
> authenticate themselves.
> > > Perhaps I should allow you to optionally
> configure the filter to
> remember
> > > where you submitted the form from and return you
> there upon successful
> > > authentication (a task for version 1.1). Anyway,
> I am in the process of
> > > preparing it for release (i.e. it works and I'm
> cleaning it up).
> >
> > Will you post the source (or a link) in this forum
> to that filter?
> >
> > --
> > -Torgeir
> >
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:struts-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> <mailto:struts-user-help@jakarta.apache.org>
> >
> >
> 
> 
> --
> To unsubscribe, e-mail:  
> <mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:struts-user-help@jakarta.apache.org>
> 


__________________________________________________
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes
http://autos.yahoo.com

--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message