You don't need to learn, it's an option.
If you need a secure system though you may want to use
some kind of authentication and authorization service.
You can learn just a little of JAAS which is enough to
use container managed security, or you can write your
own security mechanism (using or not ja
Is it really necessary to learn JAAS in order to authenticate users
in complex J2EE systems??
More API to learn, more complication and headache.
I would try to get away with it if I can.
Regards
- Original Message -
From: "Leandro Melo" <[EMAIL PROTECTED]>
To: "struts jakarta" <[EMAIL P
rning this myself... So I am prob. way off...
--
Sloan
-Original Message-
From: Leandro Melo [mailto:[EMAIL PROTECTED]
Sent: Friday, August 20, 2004 8:21 AM
To: Struts Users Mailing List
Subject: Re: Struts login with JAAS (Part 2)
Hi Erik,
the point is that i actually changing my approach.
Hmm, well, I hope that I turn out to be wrong here. I tried it myself
and couldn't get it to work. Please let me know how it goes.
Erik
Leandro Melo wrote:
Hi Erik, i was not missing that, i just forgot to tell
you that...
- JBoss actually propagates it`s security suff to
Tomcat and vice-versa. I
Hi Erik, i was not missing that, i just forgot to tell
you that...
- JBoss actually propagates it`s security suff to
Tomcat and vice-versa. I got this information from the
JBoss forum
(http://jboss.org/index.html?module=bb&op=viewtopic&t=53202).
Then i tested it myself with a simple login using
j_
Sorry to hear that you are so mad, it is indeed frustrating to try to
work with APIs that are poorly documented, but, I think you're still
missing one thing I've been saying . . .
Leandro Melo wrote:
Hi Erik,
the point is that i actually changing my approach.
I gave up for a moment the action="
Hi Erik,
the point is that i actually changing my approach.
I gave up for a moment the action="j_security_check"
(i'm using j_username and j_password just to make it
similar just because they names were already there
when i tried something with j_security_check) thing
and pointed the action of my
Sorry, I may have mislead you here:
Erik Weber wrote:
Leandro, perhaps I didn't explain very well. As far as I know, there
is no way for you to intercept the login request and process the
j_username and j_password parameters yourself -- you have to let the
container receive the form submittal an
Leandro, perhaps I didn't explain very well. As far as I know, there is
no way for you to intercept the login request and process the j_username
and j_password parameters yourself -- you have to let the container
receive the form submittal and process the login. This is why I said,
your login f
If the login is successful, keep the user object in
the session. In every action class, you can check
whether the user object/user exists in the session or
not. If not, redirect to login.jsp.
Maybe you can have the check in some super action
class so that you dont have to repeat the code in each
ac
10 matches
Mail list logo
