struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erez Efrati <er...@netmedia.net.il>
Subject RE: Login Form
Date Wed, 09 Jul 2003 14:33:24 GMT
Sean,

many thanks for keeping up with my questions - appreciate it. And yes
you are correct. I am using JBoss 3.0.7 / Tomcat 4.1.24. By the way have
you got any idea if this issue is about to be resolved at the Servlet
Container Spec ? 

Thanks,
Erez



-----Original Message-----
From: Sean Radford [mailto:sradford@bladesystems.co.uk] 
Sent: Wednesday, July 09, 2003 11:19 AM
To: Struts Users Mailing List
Subject: RE: Login Form

On Tue, 2003-07-08 at 20:34, Erez Efrati wrote:
> Thanks Sean, 
> 
> I looked at it and it does avoid the BIG limitation posed by the
> standard spec in fact. Still I cannot use it since it disables the
> passing of the principal identity through calls to EJB methods.
> 
That's what it says in the introductory documentation, but...

You're using JBoss/Tomcat right? Well give me a day and I'll email you a
class that should do all you want... It's a RealmAdaptor for
securityfilter/Jboss that uses the JBoss security extension and so
correctly instantiates the Principal for the EJB layer. It works for me
with JBoss4/Jetty, so you should give it a try. (I'm waiting on some
code from another guy whose done similar and so just want to compare -
if his stuff doesn't arrive shortly, I'll send mine as it)


> Now, I am new to the web development and it amazes me that such a
basic
> feature is missing from the Servlet spec and is not addressed. Why is
it
> that way? Is it so unusual to want to have the login fields on the
start
> page??

Not unusual at all... And many Java sites have it that way, but they
don't necessarily use container authentication and they probably don't
use EJB's (many people steer clear - deep seated reservations from 1.0
are still abound).

If I get time I'm going to try and get the Jetty guys to 'surface' their
web Authenticators to allow developers to roll their own... I've looked
at the code and shouldn't be too difficult - one or two areas I'm not
sure about, but...


> 
> Thanks,
> Erez 
> 
> 
> -----Original Message-----
> From: Sean Radford [mailto:sradford@bladesystems.co.uk] 
> Sent: Tuesday, July 08, 2003 8:21 PM
> To: Struts Users Mailing List
> Subject: RE: Login Form
> 
> Have a look at this (you may find what you want):
> 
> http://sourceforge.net/projects/securityfilter/
> 
> Sean
> 
> 
> > -----Original Message-----
> > From: Erez Efrati [mailto:ereze@netmedia.net.il] 
> > Sent: July 8, 2003 10:11 AM
> > To: 'Struts Users Mailing List'
> > Subject: Login Form
> > 
> > 
> > Hi,
> > 
> > My question is a bit off Struts but still since I am using Struts
and
> > it's too urgent for me I thought to try my luck here, maybe someone
> had
> > stumbled on this issue too.
> > 
> > I am running JBoss/Tomcat/Struts using the JAAS for handling the
> > application security aspects. I have used the
> > <auth-method>FORM</auth-method> clauses inside the Web.xml file.
> > 
> > In my web site I want to have the site home page to have also a
small
> > login form where the user could enter username and password and
login
> to
> > the site. The home page, contains other links as well, which lead to
> > other parts of the site or even to external pages on other sites.
> > 
> > >From what I've read so far, it seems to me that the FORM method is
> > activated only when the web user tries to access a protected page.
> Then
> > the Web Server (Tomcat in my case) returns the loginPage stated in
the
> > Web.xml file, and only after the login is performed
(j_security_check)
> > the Tomcat then redirects the web user to the original portected
page.
> > 
> > Is it possible to have the site home page as the login page still
> using
> > mechanisms of FORM and JAAS? If so I would really appreciate any
help
> on
> > how to do it, and what are the configurations required. 
> > 
> > Thanks,
> > Erez
> > 
> > 
> > 
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: struts-user-help@jakarta.apache.org
> > 
> > 
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: struts-user-help@jakarta.apache.org
-- 
Dr. Sean Radford, MBBS, MSc
<sradford@bladesystems.co.uk>
http://bladesys.demon.co.uk/
Blade Systems


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message