File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Struts and the fly likes Authorization using JAAS with Struts2 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Authorization using JAAS with Struts2" Watch "Authorization using JAAS with Struts2" New topic
Author

Authorization using JAAS with Struts2

Lakshmi Aishwarya
Greenhorn

Joined: Apr 15, 2008
Posts: 2
Hi all,

I am a newbie to use both Struts2 and JAAS. I have implemented login authentication using JAAS+STRUTS2 in jboss. But now i need to give permissions to access web pages in my web application according to the roles being assigned to the users. I have written my own custom interceptor for implementing this logic.

For Eg: If the user has a role of "Admin" then he/she can have access over all the pages of the application. Else they have to be bound with certain limits and must be forbidden from viewing certain pages.

Googled many sites but all were concentrating mostly on authentication but not on authorization.

How can i do it effectively? Please do reply. i have been held up in this for a longtime.


Thanks in advance,
LakshAish


~Laksh
Chengwei Lee
Ranch Hand

Joined: Apr 02, 2004
Posts: 884
You could implement your own authorization interceptor. You would need to store somewhere (file or database) a set of rules, i.e., who could access what. The "what" could be your Struts actions.

So whenever an action is invoked, you could check if the user is authorized to use this action from within the interceptor.


SCJP 1.4 * SCWCD 1.4 * SCBCD 1.3 * SCJA 1.0 * TOGAF 8
Lakshmi Aishwarya
Greenhorn

Joined: Apr 15, 2008
Posts: 2
hi ya,
Thanks for your reply... My mail had some problem that is why i couldn't get back to you.

The thing is that i don't know how to frame a rule file for it to fetch data from. I have the action classes ready but the file reference is what matters here...

Hope you can understand my prob.

Thanks & regards,
LakshAish
Amit M Tank
Ranch Hand

Joined: Mar 28, 2004
Posts: 257
You need to specify the security constraints in your web.xml

<security-constraint>
<display-name>AdminSecurity</display-name>
<web-resource-collection>
<web-resource-name>AdminResource</web-resource-name>
<url-pattern>/webapp/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>constraints</description>
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>

<security-role>
<role-name>Admin</role-name>
</security-role>


Amit Tank
Linked In
shahidsan shaikh
Greenhorn

Joined: Aug 29, 2008
Posts: 6
Hi,

Could you kindly provide a sample code that shows how you used JAAS Authentication with Struts2? I am trying to do the same, but unable to find a resource that helps.

I am hoping sionce you posted sometime back, you would have a resolution by now

Thanks
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Authorization using JAAS with Struts2