struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrea M." <>
Subject R: Struts and JAAS
Date Tue, 18 May 2004 09:18:10 GMT
I need application A using module 1
And application B using module 2
I need isolation, so A cannot access m2 and B cannot access m1
In Jrun actually I can configure jaas modules for users and roles, but
that's server instance wide.
I'm pretty new to JAAS, and I don't know if I have to find a way to
configure my server in order to bind each module to the app I want,
Or it's the application that needs to know which module to use.
So far the only examples and  tutorials I found are about standalone
applications, or single signon.
Cannot use the first because I need policy files don't suit my needs
And cannot use the second because I don't want to share the modules.
There is not (at least I didn't find any) concept of realm in Jrun
configuration.. so I'm pretty confused

-----Messaggio originale-----
Da: Sean Radford [] 
Inviato: martedì 18 maggio 2004 11.05
A: Struts Users Mailing List
Oggetto: Re: Struts and JAAS

Each application just logs into a different JAAS realm (each of these
has its own stack of login modules, but sounds like you only need one
per realm).

Hope that guides you a little.



On Tue, 2004-05-18 at 09:22, Andrea M. wrote:
> Hello all
> I've got a dilemma trying to implement JAAS in my struts applications.
> This is the problem:
> I have more applications running in the same instance of the appserver
> 4 in my case, but I think the same thing is applicable to the others).
> Each application has its own database with its own roles, users, and
> authentication rules.
> What I'd like to do is to implement many login modules, and to apply to
> application its specific module.
> The point is, for what I understand the login modules in JAAS are
> so it goes thru all of them looking which one passes.
> So, if you set all of them as required every authentication will fail,
> because of the logic difference, and if you set them as optional then you
> may pass a login just because you have an account in the other one, which
> passes. In that case I will have a user logging in the application A, but
> authenticated with the login module tailored for the application B!
> Anyone with a better clue than me about this?
> Thanks
> Andrea
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:
Dr. Sean Radford, MBBS, MSc

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message