struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mohan Radhakrishnan <>
Subject RE: Logout in a container-managed security environment
Date Wed, 25 Sep 2002 07:09:29 GMT
       I am not sure how Container-managed login security will affect Struts
loginform and loginaction. How do you forward to the main screen after login
in this case?

-----Original Message-----
From: Eddie Bush []
Sent: Tuesday, September 24, 2002 10:43 PM
To: Struts Users Mailing List
Subject: Re: Logout in a container-managed security environment

It all falls under "Container-Managed Authentication".  It's just a 
different authentication method.

FORM-based authentication is what you see ... on a lot of sites :-) 
(either that or custom [roll-your-own] authentication) where you get the 
login prompt in the form of an actual page.  The keys are:
    - submit to action="j_security_check"
    - field named "j_username"
    - field named "j_password"

You would configure your security-constraints the same way you do now. 
 This is a servlet specification thing.  The only thing that you 
(should) have to change is the type of authentication (there is 
additional configuration for form-based auth - must specify login page 
and error page).  Apart from the minor differences in configuration, it 
really is as straight-forward as the above.  Note that you'll have to 
configure a realm for the container to lookup the users in.  This could 
be a flat-file, a DBMS, or JNDI resource.  Of course, you could probably 
"roll your own" here too (Tomcat lets you anyway), so you're not really 
constrained to using only those provided.  For more information on 
realms, see your servlet container's user guide - that is container 
specific (the configuration is anyway).  Oh, nevermind - you had to do 
that for BASIC as well - duh.  Ok :-)  That's really it.

Here is my form-based auth config - it should look strikingly similar to 
what you already have ;-)


I reference Jason Hunter's book Java Servlet Programming, and also Hans 
Bergsten's book Java Server Pages (both from O'Reilly).  Both of them 
include information on this topic.  I think I tend to refer to Hans' 
book more often though ... though I'm not sure why :-)  I think it's 
because that's the one I have it bookmarked in.  You should also be able 
to reference the servlet specification itself.

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message