struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Phase Web and Multimedia" <m...@phase.ws>
Subject RE: Security Solution
Date Tue, 02 Apr 2002 21:49:59 GMT
Michelle,

I have applied for a sourceforge project. If I am approved I will be posting
my code there. If you are interested in helping I would love some help in
refining this code and making it more flexible. I will let you know when the
project is on sourceforge. If you want the code before then. Let me know.

Thanks,
Brandon Goodin
Phase Web and Multimedia
P (406) 862-2245
F (406) 862-0354
mail@phase.ws
http://www.phase.ws


-----Original Message-----
From: mharris [mailto:mharris@site59.com]
Sent: Tuesday, April 02, 2002 1:43 PM
To: Struts Developers List
Subject: RE: Security Solution


I would love to see your code. I will most likely have to run our own
security model for our app. I think it will probably run directly
against the db rather than using LDAP, but am still quite intrigued to
read what you worte.

Thanks!
Michelle Harris


On Tue, 2002-04-02 at 15:23, Phase Web and Multimedia wrote:
> Greetings Michael,
>
> I don't believe it has to be struts specific. But, I have never used it
> anywhere but struts. There many other features I would like to add to it.
> Specifically an ldap realm for authorization and perhaps add some hooks
that
> will provide EJB conectivity. Do to my EJB ignorance I don't even know if
it
> is possible.
>
> One thing to note. Because a webapp has limited access to the server scope
> this security solution is context specific for now. This is why I want to
> add some of the afformentioned hooks. I also imagine it would be possible
to
> store the security xml file so that it can be cross context and provide a
> single security config for multiple contexts under a host.
>
> Another thing to note is that many of the apis that are out there (ie
tiles,
> jsp, servlet) take advantage of the container managed security by checking
> roles. These are all container specific. I've chosen to abandon all of
those
> niceties to gain greater flexibility in other areas. I have sacrificed the
> standard convention that these mechanisms provide. I feel it is a good
> decision for my niche.
>
> I will be providing mechanisms equal to the isUserInRole(),
getRemoteUser(),
> and getUserPrincipal(). But these objects will be context-session
specific.
>
> My solution should be able to work as an app level link to a larger
security
> system that bypasses tomcat security all-together.
>
> I have heard some speak about ejb as thought they need the
container-managed
> security. This might be so. I don't know. I am hoping that someone might
be
> able to provide that functionality.
>
> If you would like to look at my code I am more than happy to pass it on.
> But, it is narrow in scope to my application. This has become apparent to
me
> as I read some email regarding what I have developed. I believe the code
and
> concept to be a good starting point to provide a better security
framework.
>
> The strongest part of the code it the SecurityFilter and MulitpleLogin
> configuration options.
>
> Let me know,
> Brandon Goodin
> Phase Web and Multimedia
> P (406) 862-2245
> F (406) 862-0354
> mail@phase.ws
> http://www.phase.ws
>
>
> -----Original Message-----
> From: Michael Mok [mailto:michaelm@consultech.net.au]
> Sent: Monday, April 01, 2002 7:11 PM
> To: mail@phase.ws
> Subject: RE: Security Solution
>
>
> Hi Brendon
>
> We are interested to see your alternate solution for container managed
> security. Does your solution need STRUTS and will it tie in easily with
> STRUTS?
> Can you send us your source code?
>
> Thanks in advance.
>
> Michael Mok
>
>
>
>
> --
> To unsubscribe, e-mail:
<mailto:struts-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:struts-dev-help@jakarta.apache.org>



--
To unsubscribe, e-mail:   <mailto:struts-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-dev-help@jakarta.apache.org>



--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message