Return-Path: 
 <user-return-141930-apmail-struts-user-archive=struts.apache.org@struts.apache.org>
Delivered-To: apmail-struts-user-archive@www.apache.org
Received: (qmail 85586 invoked from network); 10 Aug 2005 10:27:55 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 10 Aug 2005 10:27:55 -0000
Received: (qmail 61050 invoked by uid 500); 10 Aug 2005 10:27:42 -0000
Delivered-To: apmail-struts-user-archive@struts.apache.org
Received: (qmail 61023 invoked by uid 500); 10 Aug 2005 10:27:41 -0000
Mailing-List: contact user-help@struts.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:user-unsubscribe@struts.apache.org>
List-Help: <mailto:user-help@struts.apache.org>
List-Post: <mailto:user@struts.apache.org>
List-Id: "Struts Users Mailing List" <user.struts.apache.org>
Reply-To: "Struts Users Mailing List" <user@struts.apache.org>
Delivered-To: mailing list user@struts.apache.org
Received: (qmail 61010 invoked by uid 99); 10 Aug 2005 10:27:41 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Aug 2005 03:27:41 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_HELO_PASS
X-Spam-Check-By: apache.org
Received-SPF: neutral (asf.osuosl.org: local policy)
Received: from [212.227.126.188] (HELO moutng.kundenserver.de)
 (212.227.126.188)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Aug 2005 03:28:02 -0700
Received: from host86-129-64-51.range86-129.btcentralplus.com [86.129.64.51]
 (helo=[192.168.1.252])
	by mrelayeu.kundenserver.de with ESMTP (Nemesis),
	id 0ML25U-1E2noA1H1R-0005bQ; Wed, 10 Aug 2005 12:27:38 +0200
Message-ID: <42F9D69E.8080502@cyberspaceroad.com>
Date: Wed, 10 Aug 2005 11:27:42 +0100
From: Adam Hardy <ahardy.struts@cyberspaceroad.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB;
 rv:1.7.8) Gecko/20050513 Debian/1.7.8-1
X-Accept-Language: en-gb, de, en-us
MIME-Version: 1.0
To: Struts Users Mailing List <user@struts.apache.org>
Subject: Re: Last question on JAAS I promise
References: 
 <16185703.1123621471774.JavaMail.root@mswamui-swiss.atl.sa.earthlink.net>
In-Reply-To: 
 <16185703.1123621471774.JavaMail.root@mswamui-swiss.atl.sa.earthlink.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: kundenserver.de abuse@kundenserver.de
 login:7be52423742ce504c1b541fa1f258887
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

My bet is that Mark will get will get 95% of the way there but not be 
able to bend container-managed security that last little bit to achieve 
what he needs.

I don't want to be deliberately down on this and I'd love to be wrong 
about it, but I've been there and done that in Tomcat 5 and JBoss and 
came up short.

In fact, Craig posted a link to a Sun colleague of his who is looking at 
the next Servlet spec and [quote]:

# Improved Security -  This has been an area where we have wanted to 
refine for sometime. This may includes APIs for programatic login.

Mark, I thought you might want to leave comments when you're done with 
what you're doing, since it will be fresh in your mind (I added comments 
just yesterday but the programming was something I did over a year ago)

http://weblogs.java.net/blog/gmurray71/archive/2005/07/got_servlets.html


Adam

erikweber@mindspring.com on 09/08/05 22:04, wrote:
> Thanks Craig.
> 
> Well Mark, I'd be interested in hearing how it turns out. Good luck.
> 
> Erik
> 
> 
> -----Original Message-----
> From: Craig McClanahan <craigmcc@gmail.com>
> Sent: Aug 9, 2005 4:42 PM
> To: Struts Users Mailing List <user@struts.apache.org>, erikweber@mindspring.com
> Subject: Re: Last question on JAAS I promise
> 
> On 8/9/05, erikweber@mindspring.com <erikweber@mindspring.com> wrote:
> 
>>I found my login-config.xml. Suddenly I fear that I had this working in JBoss but not stand-alone Tomcat, but yet I *know* I was calling isUserInRole. At the same time, I remember the propagation problem between Tomcat and JBoss, and this config is definitely for JBoss. But isUserInRole would definitely be a Tomcat thing . . .  Damn!
>>
>><application-policy name="mysqldb">
>>  <authentication>
>>    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
>>      <module-option name="unauthenticatedIdentity">anybody</module-option>
>>      <module-option name="dsJndiName">java:/MySQLDB</module-option>
>>      <module-option name="principalsQuery">SELECT password FROM auth_user WHERE username = ?</module-option>
>>      <module-option name="rolesQuery">SELECT group_name, 'Roles' FROM auth_group, auth_user_group, auth_user WHERE auth_group.group_id = auth_user_group.group_id AND auth_user_group.user_id = auth_user.user_id AND auth_user.username = ?</module-option>
>>    </login-module>
>>  </authentication>
>></application-policy>
>>
>>Erik
>>
> 
> 
> Tomcat has reasonably good documentation about how to configure
> container managed security.  For Tomcat 5.0, it's at:
> 
>     http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html
> 
> Because it looks like you have your users in a database, you'll want
> to focus on setting up a JDBCRealm configuration.  If you need further
> help on it, asking on the Tomcat User list is a good bet (to
> subscribe, send an empty message to
> <tomcat-user-subscribe@jakarta.apache.org>).
> 
> Craig
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org