struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Husted <>
Subject Re: Struts and authentication of requests in a webapp. Generic framework possible/available?
Date Mon, 02 Sep 2002 13:43:48 GMT
In Struts 1.1, you can assign a list of roles to each ActionMapping. By 
default, this uses the same JAAS scheme used by the container. However, 
you can also provided your own RequestProcessor that can override this 
and use whatever scheme works for your application.

-- Ted Husted, Husted dot Com, Fairport NY US
-- Author, Java Web Development with Struts
-- Order it today:

amolk wrote:

> Hi,
> I am new to Struts. I am referring the struts-example to build a prototype resembling
our application which is right now using only servlets.
> I need to authenticate each request that comes to the webapp ( though the action servlet
). There are two parts to the authentication scheme.
> 1. Authenticate the user when she provides the login name and password.
> 2. On very page ( or request ) verify that the request is coming from an authenticated
> Both these parts would be required by most of the webapps ( if not all ).
> Different types of web apps could have different authentication schemes. So lets assume
the first part cant be made generic.
> But, why cant we have a generic version of CheckLogonTag and the corresponding <app:checkLogon/>
? And make it part of the struts framework??
> Usage would be something like 
> Something like <app:checkLogon application="EA1" > for enterprise app1. EA1 string
would be put in the session by the logonAction which is application specific.
> So, though the authentication scheme and the strings we put in the session to flag the
session as authenticated would be different for different applications, the way to verify
would be made generic which accepts parameters which are appliction dependent.
> Now, i have to "struts enable" 3 webapplications. Either i replicate the tld, Tag class,
etc or make it generic so that i can use it across the apps.
> (Thinking of implementing the second option)
> Any comments?
> ( or is there something like that already in place?? )
> thnx,
> amol

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message