struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject RE: What is a better way to check user login?
Date Wed, 14 Aug 2002 16:48:34 GMT


On Wed, 14 Aug 2002, Jacob Hookom wrote:

> Date: Wed, 14 Aug 2002 00:33:18 -0500
> From: Jacob Hookom <hookomjj@uwec.edu>
> Reply-To: Struts Users Mailing List <struts-user@jakarta.apache.org>
> To: 'Struts Users Mailing List' <struts-user@jakarta.apache.org>
> Subject: RE: What is a better way to check user login?
>
>
>
> | -----Original Message-----
> | From: Troy Hart [mailto:thart@part.net]
> | Sent: Tuesday, August 13, 2002 11:27 PM
> | To: Struts Users Mailing List
> | Subject: Re: What is a better way to check user login?
> |
> | This topic has been discussed quite a bit on this list. I think the
> | consensus is that you should really use container managed
> authentication
> | (cma). You should search through the archives for discussions on the
> | topic. According to some you would be crazy (or maybe even stupid) to
> do
> | it any other way. Sometimes you don't have a lot of choice in the
> | matter, due to any number of factors, but you will be happy if you can
> | bite it off. :-)
>
> Although, there is the issue of managing security where there are no
> definitive 'roles' available and security is managed on a per
> request/parameter basis.
>
> I'm still trying to piece together how I can implement a Realm for my
> project-- possibly bit masking a long or using a float's mantissa in
> packing all the data I need into a string to validate as a role ;-)
>

Defining what your needs are would be a good starting point :-).  Without
that, I don't see how you can make any architectural decisions about how
to support your security requirements.

> -Jake

Craig


>
> |
> | Good luck,
> |
> | Troy
> |
> |
> | On Tue, 2002-08-13 at 22:10, Struts Newsgroup (@Basebeans.com) wrote:
> | > Subject: What is a better way to check user login?
> | > From: "Hu Ji Rong" <hujirong888@yahoo.com>
> | >  ===
> | > Hi,
> | >
> | > I saw various ways to check user login in Struts, but a bit
> confused.
> | > CheckLogon Tag in Struts example, check user session data, overwrite
> the
> | > ActionServlet, and so on. Overwrite the ActionServlet maybe also
> have
> | > problem to migrate to 1.1?
> | >
> | > Can anyone point to a right way? We have normally form based login
> page
> | to
> | > validate the user.
> | >
> | > Thanks,
> | > JiRong
> | >
> | >
> | >
> | > --
> | > To unsubscribe, e-mail:   <mailto:struts-user-
> | unsubscribe@jakarta.apache.org>
> | > For additional commands, e-mail: <mailto:struts-user-
> | help@jakarta.apache.org>
> | >
> |
> |
> |
> | --
> | To unsubscribe, e-mail:   <mailto:struts-user-
> | unsubscribe@jakarta.apache.org>
> | For additional commands, e-mail: <mailto:struts-user-
> | help@jakarta.apache.org>
> |
> | ---
> | Incoming mail is certified Virus Free.
> | Checked by AVG anti-virus system (http://www.grisoft.com).
> | Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002
> |
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002
>
>
>
> --
> To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>
>
>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message