struts-user mailing list archives

From Adam Hardy <>
Subject Re: JAAS Struts & JBoss + Tomcat
Date Fri, 04 Jul 2003 15:41:01 GMT
Erez Efrati wrote:
> Hi, I am trying to integrate the JAAS into my Struts application running
> on JBoss 3.0.7 + Tomcat. I am a newbie here, and I would appreciate your
> help on several questions:
> 1. From what I read here, I saw that I should probably use the FORM auth
> method, and that this page should not use any of the Struts tags. Is
> that right? 

It is best to use the FORM authentication because you can encrypt it 
with SSL - otherwise your users' passwords will go over the net in plain 

I haven't tried using struts tags in the login form. From what Craig 
said late yesterday about the login form (do a search on j_security), it 
is best to view it as totally separate from your application - 
essentially part of the container.

> 2. In my application, the first thing a user does is pass through a
> registration wizard. How can I set different sets of permissions using
> the web.xml for the registration wizard pages and for the rest of the
> application, where both are handled by the Struts ActionServlet servlet?

You have action mappings for your app's modules, correct? Set up 
security constraints in web.xml to secure the different action mappings 
in different ways - i.e.

> 3. Regarding JBoss + Tomcat more specifically, I don't understand what
> happens when a web client accesses a protected page. Does JBossSX, which
> implements the authentication, take over and perform the authentication?
> After the authentication is done, can my Struts actions invoke EJB
> methods freely or should they authenticate as well?

Sorry, don't know JBoss.
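
The following web.xml fragment is an added example, not part of the original message or of either poster's configuration. It shows one way to give the registration wizard and the rest of the application different constraints when both go through the ActionServlet. It assumes the servlet is mapped to `*.do`, that action paths are grouped under the hypothetical prefixes `/register/` and `/app/`, and that the role name `member` and the login page paths are placeholders.

```xml
<!-- Added example: fragment of WEB-INF/web.xml (Servlet 2.3 element order). -->
<!-- Assumed names: /register/*, /app/*, role "member", /login.jsp, /login-error.jsp -->
<web-app>
  <!-- Registration wizard: no auth-constraint, so anonymous users can reach it,
       but the container still requires a confidential (SSL) transport. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Registration wizard</web-resource-name>
      <url-pattern>/register/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Rest of the application: only authenticated users in role "member". -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Application</web-resource-name>
      <url-pattern>/app/*</url-pattern>
      <!-- No http-method elements: the constraint covers every HTTP method. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>member</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Container-managed FORM login; the login page posts to j_security_check. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>member</role-name>
  </security-role>
</web-app>
```

FORM authentication sends the password in the request body, so it is the `CONFIDENTIAL` transport guarantee that makes the container require SSL for these URLs. A path-prefix pattern such as `/app/*` matches action URLs like `/app/list.do` even though the servlet itself is mapped by extension.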

