Re: Authentication and Authorization in S2

Mon, 20 Aug 2007 23:31:51 -0700 

Thank you very much Zarar and Alvaro for your hints.

Yes. I'm using spring, and I'll take a look at Acegi, and maybe
Berkano, too.

Best regards.

--
Robi.



I'll take a look at the
Alvaro Sanchez-Mariscal wrote:

I agree. You should first try Acegi.

If your auth needs are very specific, you can always develop a custom
interceptor.

Alvaro.

On 8/20/07, Zarar Siddiqi <[EMAIL PROTECTED]> wrote:

If you're using Spring, it's probably a great idea to use Acegi
Security to handle authentication/authorization.  I can't think of
anything it can't do.

http://www.acegisecurity.org/

There's also Berkano which doesn't do nearly as much as Acegi but can
handle most general AA problems:

http://berkano.codehaus.org/

Zarar


On 8/20/07, Roberto Nunnari <[EMAIL PROTECTED]> wrote:

Hi all.

I need to implement Authentication and Authorization in
a S2 web application, and before reinventing the wheel, I'd
like to ask the list for hints and advice.

1) Is there built-in support in Struts2 for Authentication and
Authorization?

2) What are the best practices for AA in S2?

3) Is JAAS be a practical way in S2?

More details:
- The application lets the users dynamically register as members
- In the application, the members can be part of one of two or three
groups (roles)
- unauthenticated users can only view some global data
- authenticated users can change some of their own data
- authenticated users can view some of other members data
- the authenticated users can add global content
- authenticated users in more privileged roles can change some global data
- authenticated users in the admin role, can do anything

Thank you.

--
Robi


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]









---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to