On 2/28/06, Emmanouil Batsis <[EMAIL PROTECTED]> wrote:
> Dave Newton wrote:
>
> >If you want _fine_-grained access control drop Spring on top of Struts
> >and use Acegi.
> >
>
> For us not wanting to put yet another framework into the table, any
> advice and pointers from more experienced people out there?
>
> My usual requirement is operation rights for roles in groups (due to
> resources belonging to groups) and I am currently trying to fit JAAS
> into the picture and take advantage of doclet etc, but I still haven't
> even scratched the surface on this one.

JAAS can be complex... Sounds like the problem is to do with realm
configuration and how to use the servlet spec security model. A JDBC or
DataSource realm will fit most requirements, rather than getting bogged
down in JAAS.

http://tomcat.apache.org/tomcat-5.0-doc/realm-howto.html

Once the context is configured you need to tell your webapp what to do in
web.xml:

    <security-constraint>
      <display-name>Access control</display-name>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
        <!-- With http-method listed, the constraint applies only to these methods -->
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>user</role-name>
      </auth-constraint>
    </security-constraint>

    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>myrealm</realm-name>
      <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/loginError.html</form-error-page>
      </form-login-config>
    </login-config>

    <security-role>
      <role-name>user</role-name>
    </security-role>

The fields in your HTML form must follow the spec (action, and field
names) to work with the realm stuff.

    <form action="j_security_check" method="POST">
      <input type="text" name="j_username" />
      <!-- type="password" so the browser masks the value -->
      <input type="password" name="j_password" />
      <input type="submit" value="Log in" />
    </form>

Mark

>
> Manos
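
The constraint in the reply above lists four `<http-method>` elements, and under the servlet spec a constraint applies only to the methods it lists (with none listed it applies to all). The following is an added example, not part of the original thread, that reports which standard methods a web.xml's auth-constraints leave uncovered; the method set, the constructed sample document and the exact-string handling of url-patterns are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Assumption: the method set checked here; a container may accept others too.
STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

# Constructed sample: the constraint from the message, inside a minimal <web-app>.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def _local(tag):
    """Strip an XML namespace so namespaced and plain web.xml both parse."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def uncovered_methods(web_xml):
    """Map each constrained url-pattern to the standard methods no auth-constraint covers."""
    covered = {}
    root = ET.fromstring(web_xml)
    for sc in (e for e in root.iter() if _local(e.tag) == "security-constraint"):
        if not _children(sc, "auth-constraint"):
            continue  # e.g. a transport-guarantee-only constraint, no role check
        for wrc in _children(sc, "web-resource-collection"):
            methods = {m.text.strip().upper() for m in _children(wrc, "http-method") if m.text}
            if not methods:
                methods = set(STANDARD_METHODS)  # no <http-method> means every method
            for pat in _children(wrc, "url-pattern"):
                covered.setdefault(pat.text.strip(), set()).update(methods)
    return {p: sorted(STANDARD_METHODS - m) for p, m in covered.items() if STANDARD_METHODS - m}


if __name__ == "__main__":
    for pattern, missing in uncovered_methods(SAMPLE_WEB_XML).items():
        print(f"{pattern}: no auth-constraint for {', '.join(missing)}")
```

Removing the `<http-method>` elements from the collection makes the constraint apply to every method, and the report for that pattern comes back empty.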