struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Sherman <a...@teachandtravel.com>
Subject Re: Security Best-Practices?
Date Wed, 23 Oct 2002 13:39:42 GMT
Troy Hart wrote:
> request.getUserPrincipal().getName()
> 
> You obviously need to fill in the gaps here. I have only provided a high
> level view of the solution. For example, I haven't mentioned anything
> about what you would use to "lookup a user profile". You would NOT use
> your LoginModule for this purpose. In my solution my LoginModule uses a
> UserProfileStore object that abstracts access to a store of user profile
> information. I use this same UserProfileStore from a struts action when
> I need to associate a UserProfile object with an HttpSession.
> 
> I think this is a pretty clean solution. Hopefully I will have given you
> some helpful information.

You make a lot of sense, I think I'll stick to using a plain Tomcat 
Realm that points to a user database, and have the rest of the info in 
separate table keyed on the username.

Thanks for the advice,

A.

-- 
Adam Sherman
Software Developer
Teach and Travel Inc.
+1.613.241.3103



--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message