struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Phase Web and Multimedia" <>
Subject RE: Security Solution
Date Tue, 02 Apr 2002 21:49:59 GMT

I have applied for a sourceforge project. If I am approved I will be posting
my code there. If you are interested in helping I would love some help in
refining this code and making it more flexible. I will let you know when the
project is on sourceforge. If you want the code before then. Let me know.

Brandon Goodin
Phase Web and Multimedia
P (406) 862-2245
F (406) 862-0354

-----Original Message-----
From: mharris []
Sent: Tuesday, April 02, 2002 1:43 PM
To: Struts Developers List
Subject: RE: Security Solution

I would love to see your code. I will most likely have to run our own
security model for our app. I think it will probably run directly
against the db rather than using LDAP, but am still quite intrigued to
read what you worte.

Michelle Harris

On Tue, 2002-04-02 at 15:23, Phase Web and Multimedia wrote:
> Greetings Michael,
> I don't believe it has to be struts specific. But, I have never used it
> anywhere but struts. There many other features I would like to add to it.
> Specifically an ldap realm for authorization and perhaps add some hooks
> will provide EJB conectivity. Do to my EJB ignorance I don't even know if
> is possible.
> One thing to note. Because a webapp has limited access to the server scope
> this security solution is context specific for now. This is why I want to
> add some of the afformentioned hooks. I also imagine it would be possible
> store the security xml file so that it can be cross context and provide a
> single security config for multiple contexts under a host.
> Another thing to note is that many of the apis that are out there (ie
> jsp, servlet) take advantage of the container managed security by checking
> roles. These are all container specific. I've chosen to abandon all of
> niceties to gain greater flexibility in other areas. I have sacrificed the
> standard convention that these mechanisms provide. I feel it is a good
> decision for my niche.
> I will be providing mechanisms equal to the isUserInRole(),
> and getUserPrincipal(). But these objects will be context-session
> My solution should be able to work as an app level link to a larger
> system that bypasses tomcat security all-together.
> I have heard some speak about ejb as thought they need the
> security. This might be so. I don't know. I am hoping that someone might
> able to provide that functionality.
> If you would like to look at my code I am more than happy to pass it on.
> But, it is narrow in scope to my application. This has become apparent to
> as I read some email regarding what I have developed. I believe the code
> concept to be a good starting point to provide a better security
> The strongest part of the code it the SecurityFilter and MulitpleLogin
> configuration options.
> Let me know,
> Brandon Goodin
> Phase Web and Multimedia
> P (406) 862-2245
> F (406) 862-0354
> -----Original Message-----
> From: Michael Mok []
> Sent: Monday, April 01, 2002 7:11 PM
> To:
> Subject: RE: Security Solution
> Hi Brendon
> We are interested to see your alternate solution for container managed
> security. Does your solution need STRUTS and will it tie in easily with
> Can you send us your source code?
> Thanks in advance.
> Michael Mok
> --
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message