Return-Path: 
 <struts-user-return-45406-qmlist-jakarta-archive-struts-user=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-struts-user-archive@apache.org
Received: (qmail 58396 invoked from network); 2 Sep 2002 12:36:09 -0000
Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131)
  by daedalus.apache.org with SMTP; 2 Sep 2002 12:36:09 -0000
Received: (qmail 13402 invoked by uid 97); 2 Sep 2002 12:36:27 -0000
Delivered-To: qmlist-jakarta-archive-struts-user@jakarta.apache.org
Received: (qmail 13382 invoked by uid 97); 2 Sep 2002 12:36:27 -0000
Mailing-List: contact struts-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:struts-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:struts-user-subscribe@jakarta.apache.org>
List-Help: <mailto:struts-user-help@jakarta.apache.org>
List-Post: <mailto:struts-user@jakarta.apache.org>
List-Id: "Struts Users Mailing List" <struts-user.jakarta.apache.org>
Reply-To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
Delivered-To: mailing list struts-user@jakarta.apache.org
Received: (qmail 13359 invoked by uid 98); 2 Sep 2002 12:36:26 -0000
X-Antivirus: nagoya (v4218 created Aug 14 2002)
Message-ID: <001501c2527e$92dd78a0$2900a8c0@amolk>
From: "amolk" <amolk@mailjol.com>
To: <struts-user@jakarta.apache.org>
Subject: Struts and authentication of requests in a webapp. Generic framework
 possible/available?
Date: Mon, 2 Sep 2002 18:15:04 +0530
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0012_01C252AC.A9535AE0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

------=_NextPart_000_0012_01C252AC.A9535AE0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

I am new to Struts. I am referring the struts-example to build a =
prototype resembling our application which is right now using only =
servlets.

I need to authenticate each request that comes to the webapp ( though =
the action servlet ). There are two parts to the authentication scheme.
1. Authenticate the user when she provides the login name and password.
2. On very page ( or request ) verify that the request is coming from an =
authenticated user.

Both these parts would be required by most of the webapps ( if not all =
).
Different types of web apps could have different authentication schemes. =
So lets assume the first part cant be made generic.

But, why cant we have a generic version of CheckLogonTag and the =
corresponding <app:checkLogon/> ? And make it part of the struts =
framework??
Usage would be something like=20
Something like <app:checkLogon application=3D"EA1" > for enterprise =
app1. EA1 string would be put in the session by the logonAction which is =
application specific.
So, though the authentication scheme and the strings we put in the =
session to flag the session as authenticated would be different for =
different applications, the way to verify would be made generic which =
accepts parameters which are appliction dependent.
Now, i have to "struts enable" 3 webapplications. Either i replicate the =
tld, Tag class, etc or make it generic so that i can use it across the =
apps.
(Thinking of implementing the second option)

Any comments?
( or is there something like that already in place?? )

thnx,
amol


------=_NextPart_000_0012_01C252AC.A9535AE0--