struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Radford <sradf...@bladesystems.co.uk>
Subject RE: Login Form
Date Thu, 10 Jul 2003 09:25:31 GMT
All,

Please find attached my securityfilter realm adaptor. The other code I
was waiting for hasn't materialised, so I couldn't do any comparison -
but it seems to work for me... Good luck, and any probs just shout.

And nope, I have know idea if the extra functionality is to be resolved
in the near future within an updated container specification. Any one
know how we could 'force' the issue?

Regards,

Sean
-- 
Dr. Sean Radford, MBBS, MSc
<sradford@bladesystems.co.uk>
http://bladesys.demon.co.uk/
Blade Systems

On Wed, 2003-07-09 at 15:33, Erez Efrati wrote:
> Sean,
> 
> many thanks for keeping up with my questions - appreciate it. And yes
> you are correct. I am using JBoss 3.0.7 / Tomcat 4.1.24. By the way have
> you got any idea if this issue is about to be resolved at the Servlet
> Container Spec ? 
> 
> Thanks,
> Erez
> 
> 
> 
> -----Original Message-----
> From: Sean Radford [mailto:sradford@bladesystems.co.uk] 
> Sent: Wednesday, July 09, 2003 11:19 AM
> To: Struts Users Mailing List
> Subject: RE: Login Form
> 
> On Tue, 2003-07-08 at 20:34, Erez Efrati wrote:
> > Thanks Sean, 
> > 
> > I looked at it and it does avoid the BIG limitation posed by the
> > standard spec in fact. Still I cannot use it since it disables the
> > passing of the principal identity through calls to EJB methods.
> > 
> That's what it says in the introductory documentation, but...
> 
> You're using JBoss/Tomcat right? Well give me a day and I'll email you a
> class that should do all you want... It's a RealmAdaptor for
> securityfilter/Jboss that uses the JBoss security extension and so
> correctly instantiates the Principal for the EJB layer. It works for me
> with JBoss4/Jetty, so you should give it a try. (I'm waiting on some
> code from another guy whose done similar and so just want to compare -
> if his stuff doesn't arrive shortly, I'll send mine as it)
> 
> 
> > Now, I am new to the web development and it amazes me that such a
> basic
> > feature is missing from the Servlet spec and is not addressed. Why is
> it
> > that way? Is it so unusual to want to have the login fields on the
> start
> > page??
> 
> Not unusual at all... And many Java sites have it that way, but they
> don't necessarily use container authentication and they probably don't
> use EJB's (many people steer clear - deep seated reservations from 1.0
> are still abound).
> 
> If I get time I'm going to try and get the Jetty guys to 'surface' their
> web Authenticators to allow developers to roll their own... I've looked
> at the code and shouldn't be too difficult - one or two areas I'm not
> sure about, but...
> 
> 
> > 
> > Thanks,
> > Erez 
> > 
> > 
> > -----Original Message-----
> > From: Sean Radford [mailto:sradford@bladesystems.co.uk] 
> > Sent: Tuesday, July 08, 2003 8:21 PM
> > To: Struts Users Mailing List
> > Subject: RE: Login Form
> > 
> > Have a look at this (you may find what you want):
> > 
> > http://sourceforge.net/projects/securityfilter/
> > 
> > Sean
> > 
> > 
> > > -----Original Message-----
> > > From: Erez Efrati [mailto:ereze@netmedia.net.il] 
> > > Sent: July 8, 2003 10:11 AM
> > > To: 'Struts Users Mailing List'
> > > Subject: Login Form
> > > 
> > > 
> > > Hi,
> > > 
> > > My question is a bit off Struts but still since I am using Struts
> and
> > > it's too urgent for me I thought to try my luck here, maybe someone
> > had
> > > stumbled on this issue too.
> > > 
> > > I am running JBoss/Tomcat/Struts using the JAAS for handling the
> > > application security aspects. I have used the
> > > <auth-method>FORM</auth-method> clauses inside the Web.xml file.
> > > 
> > > In my web site I want to have the site home page to have also a
> small
> > > login form where the user could enter username and password and
> login
> > to
> > > the site. The home page, contains other links as well, which lead to
> > > other parts of the site or even to external pages on other sites.
> > > 
> > > >From what I've read so far, it seems to me that the FORM method is
> > > activated only when the web user tries to access a protected page.
> > Then
> > > the Web Server (Tomcat in my case) returns the loginPage stated in
> the
> > > Web.xml file, and only after the login is performed
> (j_security_check)
> > > the Tomcat then redirects the web user to the original portected
> page.
> > > 
> > > Is it possible to have the site home page as the login page still
> > using
> > > mechanisms of FORM and JAAS? If so I would really appreciate any
> help
> > on
> > > how to do it, and what are the configurations required. 
> > > 
> > > Thanks,
> > > Erez
> > > 
> > > 
> > > 
> > >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: struts-user-help@jakarta.apache.org
> > > 
> > > 
> > >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message