struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: JAAS Struts & JBoss + Tomcat
Date Fri, 04 Jul 2003 15:41:01 GMT
Erez Efrati wrote:
> Hi, I am trying to integrate the JAAS into my Struts application running
> on JBoss 3.0.7 + Tomcat. I am a newbie here, and I would appreciate your
> help on several questions:
> 
> 1. From what I read here, I saw that I should probably use the FORM auth
> method, and that this page should not use any of the Struts tags. Is
> that right? 

It is best to use the FORM authentication because you can encrypt it 
with SSL - otherwise your users' passwords will go over the net in plain 
text.

I haven't tried using struts tags in the login form. From what Craig 
said late yesterday about the login form (do a search on j_security), it 
is best to view it as totally seperate from your application - 
essentially part of the container.

> 
> 2. In my application, the first thing a user does is passing a
> registration wizard. How can I set different set of permissions using
> the web.xml to the registration wizard pages and to the rest of the
> application, where both are handled by the struts ActionServlet servlet?
> 

You have action mappings for your app's modules, correct? Set up 
security constraint in web.xml to secure the different action mappings 
in different ways - i.e. wizard.do

> 3. Regarding more to JBoss + Tomcat, I don't understand what happens
> when a web client accesses a protected page. Does JBossSX which
> implements the authentication takes over and perform the authentication?
> After the authentication is done, does my Struts action can invoke EJB
> methods freely or should they authenticate as well?
> 

sorry don't know jboss.

Adam


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message