struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Lowe" <>
Subject Re: Finegrained access control
Date Tue, 28 Feb 2006 18:39:56 GMT
On 2/28/06, Emmanouil Batsis <> wrote:
> Dave Newton wrote:
> >If you want _fine_-grained access control drop Spring on top of Struts
> >and use Acegi.
> >
> >
> For us not wanting to put yet another framework into the table, any
> advice and pointers from more experienced people out there?
> My usual requirement is operation rights for roles in groups (due to
> resources belonging to groups) and i am currently trying to fit JAAS
> into the picture and take advantage of doclet etc, but i still havent
> even scratched the surface on this one.

JAAS can be complex.... Sounds like the problem is do to with realm
configuration and how to use the servlet spec security model.. A JDBC
or DataSource realm will fit most requirements, rather than getting
bogged down in Jaas.

Once the context is configured you need to tell your webapp what to do
in web.xml..

      <display-name>Access control</display-name>
         <web-resource-name>Protected Area</web-resource-name>



The fields in your html form must follow the spec (action, and field
names) to work with the realm stuff.

<form action="j_security_check" method="POST">
<input type="text" name="j_username" />
<input type="text" name="j_password" />


> Manos
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message