You mean extending the Struts controller to accommodate JAAS? Can't we insert a filter before the Controller to handle this? You can also have something like a LoginAction that uses JAAS to authenticate and store a variable in the session indicating that the user has been authenticated. But if you have declarative security switched on at the web/EJB tier and wish to pass on the user context to, say, the EJB container, I think you will have to investigate the app-server-specific way of storing the context. Then you have to programmatically store the user context after authenticating using JAAS.
Nicholas Cheung
Ranch Hand
Joined: Nov 07, 2003
Posts: 4982
You mean extending the Struts controller to accommodate JAAS? Can't we insert a filter before the Controller to handle this? You can also have something like a LoginAction that uses JAAS to authenticate and store a variable in the session indicating that the user has been authenticated.
Using a Filter is one of the possible methods, and this method is also one of the security mechanisms used in Servlets. Thus, in fact, all security measures used in Servlets can be adopted by Struts. Nick
Karthik Guru
Ranch Hand
Joined: Mar 06, 2001
Posts: 1209
Originally posted by Nicholas Cheung:
all security measures used in Servlets can be adopted by Struts. Nick
True. But I guess he is probably looking for a way to extend the Struts Controller component to do this, I mean some extension points.
Nicholas Cheung
Ranch Hand
Joined: Nov 07, 2003
Posts: 4982
he is probably looking for a way to extend the Struts Controller component to do this, I mean some extension points.
In this case, you may need to write some programs for this purpose. For example, when you invoke an EJB on another server from Struts (Servlets), if you want to secure the channel, you need to make the data be sent through JAAS; it seems that the container currently does not support such security means automatically. Nick
bas duijzings
Ranch Hand
Joined: Apr 07, 2004
Posts: 83
The book seems not to cover Struts security; however, since Struts is in fact a Servlet, I think Servlet security can be adopted by Struts as well.
I know Struts uses a servlet, and there are other ways to use security or check if the user is authenticated besides filters. However, it would be useful if it was described in the book, since Struts is the most widely used framework with an implementation of servlets. Therefore an example with Struts would be a welcome and useful one. So I rephrase my question: is there a Struts example in the book? Thanks
bas duijzings
Ranch Hand
Joined: Apr 07, 2004
Posts: 83
Can you let me know if this is included, please? I am very much interested in it.
Marco Pistoia
Author
Greenhorn
Joined: Apr 19, 2004
Posts: 27
Bas, We do not cover Struts security explicitly, but we do cover servlet security. I hope this helps. Marco Pistoia
Marco Pistoia, Ph.D.
http://www.research.ibm.com/people/p/pistoia/