Authorization using JAAS with Struts2

 
Greenhorn
Posts: 2
Hi all,

I am new to both Struts2 and JAAS. I have implemented login authentication using JAAS + Struts2 in JBoss. But now I need to give permissions to access web pages in my web application according to the roles assigned to the users. I have written my own custom interceptor for implementing this logic.

For example: if the user has the role "Admin", then he/she can have access to all the pages of the application. Otherwise, they have to be bound by certain limits and must be forbidden from viewing certain pages.

I googled many sites, but all were concentrating mostly on authentication and not on authorization.

How can I do it effectively? Please do reply. I have been held up on this for a long time.


Thanks in advance,
LakshAish
 
Ranch Hand
Posts: 884
You could implement your own authorization interceptor. You would need to store somewhere (file or database) a set of rules, i.e., who could access what. The "what" could be your Struts actions.

So whenever an action is invoked, you could check if the user is authorized to use this action from within the interceptor.
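
An added example, not part of the original thread: one way to write the interceptor and rule file described in this reply. The class name `RoleInterceptor`, the file name `authz-rules.properties` and its `namespace/action=Role1,Role2` format are assumptions, as is a container-managed JAAS login (so that `isUserInRole` sees the user's roles) and the `javax.servlet` API.

```java
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import org.apache.struts2.ServletActionContext;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

// Hypothetical rule file on the classpath, one line per action:
//   /admin/deleteUser=Admin
//   /reports/view=Admin,Manager
public class RoleInterceptor extends AbstractInterceptor {
    private final Properties rules = new Properties();

    @Override
    public void init() {
        try (InputStream in = getClass().getResourceAsStream("/authz-rules.properties")) {
            if (in == null) throw new IllegalStateException("authz-rules.properties not found");
            rules.load(in);
        } catch (IOException e) {
            // Fail closed: without rules the application must not start serving actions.
            throw new IllegalStateException("cannot read authorization rules", e);
        }
    }

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();
        String ns = invocation.getProxy().getNamespace();
        if (ns == null) ns = "";
        String key = (ns.endsWith("/") ? ns : ns + "/") + invocation.getProxy().getActionName();

        // Deny by default: an action with no rule is forbidden, not public.
        String allowed = rules.getProperty(key);
        if (allowed != null) {
            for (String role : allowed.split(",")) {
                // Roles come from the container's login module, never from request parameters.
                if (request.isUserInRole(role.trim())) {
                    return invocation.invoke();
                }
            }
        }
        ServletActionContext.getResponse().sendError(HttpServletResponse.SC_FORBIDDEN);
        return Action.NONE; // response already committed, no result to render
    }
}
```

The interceptor only protects actions whose interceptor stack includes it, so it belongs in the default stack of every package rather than on individual actions.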
 
Lakshmi Aishwarya
Greenhorn
Posts: 2
Hi ya,
Thanks for your reply... My mail had some problem, which is why I couldn't get back to you.

The thing is that I don't know how to frame a rule file for it to fetch data from. I have the action classes ready, but the file reference is what matters here...

Hope you can understand my problem.

Thanks & regards,
LakshAish
 
Ranch Hand
Posts: 257
You need to specify the security constraints in your web.xml:

    <security-constraint>
        <display-name>AdminSecurity</display-name>
        <web-resource-collection>
            <web-resource-name>AdminResource</web-resource-name>
            <url-pattern>/webapp/*</url-pattern>
            <http-method>POST</http-method>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>constraints</description>
            <role-name>Admin</role-name>
        </auth-constraint>
    </security-constraint>

    <security-role>
        <role-name>Admin</role-name>
    </security-role>
 
Greenhorn
Posts: 6
Hi,

Could you kindly provide some sample code that shows how you used JAAS authentication with Struts2? I am trying to do the same, but am unable to find a resource that helps.

I am hoping that, since you posted some time back, you would have a resolution by now.

Thanks
 