struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Brown <>
Subject RE: JAAS Struts & JBoss + Tomcat
Date Mon, 07 Jul 2003 19:21:31 GMT

> > 1. From what I read here, I saw that I should probably use 
> the FORM auth
> > method, and that this page should not use any of the Struts tags. Is
> > that right? 
> It is best to use the FORM authentication because you can encrypt it 
> with SSL - otherwise your users' passwords will go over the 
> net in plain 
> text.
> I haven't tried using struts tags in the login form. From what Craig 
> said late yesterday about the login form (do a search on 
> j_security), it 
> is best to view it as totally seperate from your application - 
> essentially part of the container.
> > 

Using filters from the servlet 2.3 specifications is a very nice way to
manage auth/auth constraints.  Since you can manage filters however you
like, you can easily implement different levels of authorization for
different parts of your site.  Struts tags work fine in a login form however
you get to it.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message