struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "amolk" <>
Subject Struts and authentication of requests in a webapp. Generic framework possible/available?
Date Mon, 02 Sep 2002 12:45:04 GMT

I am new to Struts. I am referring the struts-example to build a prototype resembling our
application which is right now using only servlets.

I need to authenticate each request that comes to the webapp ( though the action servlet ).
There are two parts to the authentication scheme.
1. Authenticate the user when she provides the login name and password.
2. On very page ( or request ) verify that the request is coming from an authenticated user.

Both these parts would be required by most of the webapps ( if not all ).
Different types of web apps could have different authentication schemes. So lets assume the
first part cant be made generic.

But, why cant we have a generic version of CheckLogonTag and the corresponding <app:checkLogon/>
? And make it part of the struts framework??
Usage would be something like 
Something like <app:checkLogon application="EA1" > for enterprise app1. EA1 string would
be put in the session by the logonAction which is application specific.
So, though the authentication scheme and the strings we put in the session to flag the session
as authenticated would be different for different applications, the way to verify would be
made generic which accepts parameters which are appliction dependent.
Now, i have to "struts enable" 3 webapplications. Either i replicate the tld, Tag class, etc
or make it generic so that i can use it across the apps.
(Thinking of implementing the second option)

Any comments?
( or is there something like that already in place?? )


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message