Hi All,

I am working on a production web application written in Struts 1.2.x. Recently we undertook an effort to redesign our login architecture. Currently our architecture is that:

1) The user is presented with a login page served by the IIS server (ASP pages).
2) The user's provided username/password is validated against the LDAP server, and a token is returned. That token is stored in the database as well.
3) That security token is put in the session scope and then control is passed on to the WebLogic server, where the security token from the session is compared with the one stored in the database to verify it's the same user who logged in at step (1).
4) The Struts web flows are selected and the user selects and runs through the appropriate web flows.

I am working on redesigning this login scheme. The IIS is only there since the login front-end was originally designed in ASP, and either way it's a good practice to have a web server to serve the static pages and an app server for dynamic content. (We don't mind replacing IIS with Apache Tomcat etc. if we have to.)

I am looking for any suggestions that any experienced web developers have implemented to implement a login scheme (using LDAP repositories). I recently evaluated Spring's ACEGI framework and found it to be pretty promising. I am not sure if there's anything else that I should/can consider.

Moreover, my question for this forum is whether the above architecture is a good one, or is there some scope for improvement in it that we can implement using the ACEGI framework, or some other login/security framework that you folks can suggest.

Thanks a lot for any input in advance,
robbby

--
View this message in context: http://www.nabble.com/suggestions-for-login-scheme-using-struts-1.x-tf3912491.html#a11092549
Sent from the Struts - User mailing list archive at Nabble.com.
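
The token check in steps 2 and 3 of the post, written out in Java as an added example that is not part of the original message. The class and method names, the in-memory map standing in for the database table, and the randomly generated sample token are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added illustration of steps 2 and 3; every name here is hypothetical. */
public class LoginTokenCheck {

    /** Stand-in for the database table that holds the token stored at login. */
    static final Map<String, String> TOKEN_TABLE = new ConcurrentHashMap<>();

    /** Step 2: after the LDAP validation succeeds, store the returned token. */
    static void storeToken(String username, String token) {
        TOKEN_TABLE.put(username, token);
    }

    /** Step 3: compare the token carried in the session with the stored one. */
    static boolean sessionTokenMatches(String username, String sessionToken) {
        if (username == null || sessionToken == null) {
            return false;                       // nothing to compare: deny
        }
        String stored = TOKEN_TABLE.get(username);
        if (stored == null) {
            return false;                       // no login recorded for this user
        }
        // MessageDigest.isEqual does not stop at the first differing byte,
        // unlike String.equals, so the comparison time does not reveal
        // how many leading characters of a guessed token were correct.
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                sessionToken.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample token standing in for the one returned in step 2.
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);

        storeToken("alice", token);             // constructed sample user
        System.out.println("same user, same token:  " + sessionTokenMatches("alice", token));
        System.out.println("same user, altered:     " + sessionTokenMatches("alice", token + "x"));
        System.out.println("user with no login:     " + sessionTokenMatches("bob", token));
    }
}
```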