struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eddie Bush <>
Subject Re: Keeping track of users
Date Sun, 28 Jul 2002 18:44:33 GMT
Hey, Vic!  I feel a bit stupid, as I didn't realize in our prior 
conversation about basicportal that JAAS was a standard 
authorization/authentication mechanism.  I hit the Sun site last night 
and read up on it a bit.  Something I don't find very obvious wrt 
application-specific implications are:

will getRemoteUser return what one would expect?
will isUserInRole return what one would expect?
will getPrinciple return what one would expect?

I guess what I'm trying to understand is:  Is JAAS "the current best 
solution" for form-based authentication where you want to "let" the user 
login instead of "make" the user login?  If you've read my other post on 
"Working around CMA in an AS-independent way", you'll see what I believe 
to be a solution to this unfortunate perdicament many of us find 
ourselves in wrt FORM-based authentication.  I don't see why it wouldn't 
work, though I have not yet implemented it (I'm working on learning OJB 
right now).  Assuming my solution works, I think it's probably a better 
work-around than JAAS, since you don't have to deal with additional 
maintenance of your own realm implementation.

As I asked in my other post:

Am I deluding myself, or is this a solution?



Struts Newsgroup ( wrote:

>Subject: Re: Keeping track of users
>From: Vic C <>
> ===
>(more a tomcat list question?)
>If they logged in using JAAS, you can see the list of users (or you can 
>log in db who goes in or out).
>HTTP is a stateless protocol, the session would time out.

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message