Hi All, 
I am working on a production web application written in Struts 1.2.x .
Recently we undertook an effort to redesign our login architecture. 
Currently our architecture is that
1) user is presented with a login page served by IIS server (ASP pages)
2) user's provided username/password is validated against LDAP server, and a
token is returned. That token is stored in the database as well. 
3) That security token is put in the session scope and then the control is
passed on the weblogic server, where the security token from the session is
compared with the one stored in the database to verify its the same user who
logged in at step (1). 
4) the struts web flows are selected and user selects and runs through the
appropriate web flows.

I am working on redesigning this login scheme. The IIS is only there since
the login front-end was originally designed in ASP and either way its a good
practice to have a web server to serve the static pages and an app server
for dynamic content. (we don't mind replacing IIS with Apache tomcat etc..if
we have to..)
I am looking for any suggestions that any experienced web developers have
implemented to implement a login scheme (*using LDAP repositories). 
I recently evaluated Spring's ACEGI framework and found it to be pretty
promising. I am not sure, if 
there's anything else that I should/can consider. 
Moreover, my question for this forum is whether the above architecture is a
good one or is there some scope of improvement in it, that we can implement
using ACEGI framework .... or some other login/security framework  that you
folks can suggest...
thanks a lot for any input in advance,
robbby
-- 
View this message in context: 
http://www.nabble.com/suggestions-for-login-scheme-using-struts-1.x-tf3912491.html#a11092549
Sent from the Struts - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to