struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Max Cooper" <...@maxcooper.com>
Subject Re: Container-managed authentication not possible
Date Wed, 21 Aug 2002 20:07:47 GMT
Brandon,

SecurityFilter *does* implement isUserInRole(), getUserPrincipal(), and
getRemoteUser(). By "mimics" I mean that your app (or Tiles and Struts) will
not be able to distinguish between SecurityFilter and Container Managed
Security. It behaves the same, and it looks the same to the code running on
top of it. One of the major design goals of the project is to allow you to
switch between container-managed and filter-based security without changing
your application's code. SecurityFilter also shares the same configuration
syntax and features, except that you put the info in a
securityfilter-config.xml file rather than web.xml.

-Max

----- Original Message -----
From: "Brandon Goodin" <mail@phase.ws>
To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>;
<tnist@bellsouth.net>
Sent: Wednesday, August 21, 2002 12:52 PM
Subject: RE: Container-managed authentication not possible


> That is a cool project. But, it only "mimics". It has the same terminology
> associated with it. But it is NOT container managed security. Nor does it
> integrate (at this point) with many projects that use the container based
> security check methods like isUserInRole(). so, for example if you are
using
> role checking with tiles it will not be able to locate the role and user
> information generated by SecurityFilter because it does not use container
> managed security. I wrote a SecurityFilter that interacts with an action
to
> take advantage of container based security. It allows for auto-login,
login
> from any page, and url based security. But the code is not very clean and
is
> Tomcat specific. I am waiting for the ServletSpec to come up to par.
> Meanwhile my "SecurityFilter" is working and using container based
security
> and I would rather stay tied to container managed security with all it's
> inflexibilities because it allows me to abstract my security from my app.
>
> Just my rambling thoughts,
> Brandon Goodin
> Phase Web and Multimedia
> P(406)862-2245
> F(406)862-0354
> http://www.phase.ws
>
> -----Original Message-----
> From: Todd G. Nist [mailto:tnist@bellsouth.net]
> Sent: Wednesday, August 21, 2002 2:46 PM
> To: 'Struts Users Mailing List'
> Subject: RE: Container-managed authentication not possible
>
>
> You may want to take a look at the SecurityFilter project on
SourceForge.net
> by Max Cooper.  Summary form site:
>
> "SecurityFilter is a Java Servlet Filter that mimics the behavior and
> configuration format of container managed security, with several
> development and deployment advantages."
>
> See the Home Page http://securityfilter.sourceforge.net at for more
> details.
>
> Regards,
>
> Todd G. Nist
>
>
> -----Original Message-----
> From: Brandon Goodin [mailto:mail@phase.ws]
> Sent: Wednesday, August 21, 2002 2:48 PM
> To: Struts Users Mailing List
> Subject: RE: Container-managed authentication not possible
>
>
> You can implement container managed security in web.xml only if it has
been
> setup within the server.xml under your host settings.
>
> Brandon Goodin
> Phase Web and Multimedia
> P(406)862-2245
> F(406)862-0354
> http://www.phase.ws
>
> -----Original Message-----
> From: Elderclei R Reami [mailto:reami@vertisnet.com.br]
> Sent: Wednesday, August 21, 2002 3:44 PM
> To: struts-user@jakarta.apache.org
> Subject: Container-managed authentication not possible
>
>
> Hi Friends,
>
> It's been a month developing in struts, and the party's been pretty good.
> I'm just finishing my first application
> (30 jsps, actions, and so on), and now I'm including some security in it.
>
> I'm in trouble regarding authentication, because my client's  ISP does not
> let me change server.xml configs,
> probably because they use virtual hosting. My question is: is it possible
to
> configure container-managed
> authentication using the web.xml? Or must I implement my own
authentication?
>
> Cheers,
> Elderclei R Reami
> Vertis Tecnologia
> +55 11 3887-0835
> www.vertisnet.com.br
>
>
> --
> To unsubscribe, e-mail:
> <mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:struts-user-help@jakarta.apache.org>
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:struts-user-help@jakarta.apache.org>
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:struts-user-help@jakarta.apache.org>
>
>
>
> --
> To unsubscribe, e-mail:
<mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:struts-user-help@jakarta.apache.org>
>
>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message