struts-user mailing list archives

From "Mark Lowe" <mel...@gmail.com>
Subject Re: Finegrained access control
Date Tue, 28 Feb 2006 18:39:56 GMT
On 2/28/06, Emmanouil Batsis <Emmanouil.Batsis@eurodyn.com> wrote:
> Dave Newton wrote:
>
> >If you want _fine_-grained access control drop Spring on top of Struts
> >and use Acegi.
> >
> >
>
> For us not wanting to put yet another framework into the table, any
> advice and pointers from more experienced people out there?
>
> My usual requirement is operation rights for roles in groups (due to
> resources belonging to groups) and I am currently trying to fit JAAS
> into the picture and take advantage of doclet etc, but I still haven't
> even scratched the surface on this one.

JAAS can be complex... Sounds like the problem is to do with realm
configuration and how to use the servlet spec security model. A JDBC
or DataSource realm will fit most requirements, rather than getting
bogged down in JAAS.

http://tomcat.apache.org/tomcat-5.0-doc/realm-howto.html

Once the context is configured you need to tell your webapp what to do
in web.xml:

    <security-constraint>
      <display-name>Access control</display-name>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>user</role-name>
      </auth-constraint>
    </security-constraint>

    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>myrealm</realm-name>
      <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/loginError.html</form-error-page>
      </form-login-config>
    </login-config>

    <security-role>
      <role-name>user</role-name>
    </security-role>

The fields in your HTML form must follow the spec (action and field
names) to work with the realm stuff.

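<form action="j_security_check" method="POST">
  <input type="text" name="j_username" />
  <!-- type="password" keeps the value masked on screen -->
  <input type="password" name="j_password" />
  <input type="submit" value="Log in" />
</form>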

Mark

>
> Manos
>
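An added example, not part of the message above and not Tomcat or Struts code: a small Python check for web.xml security constraints. Under the servlet spec a constraint that lists <http-method> elements applies only to the listed methods, and FORM login posts j_password in the clear unless the constraint also requires CONFIDENTIAL transport. The sample web.xml is constructed from the constraint in the message; audit, texts and STANDARD_METHODS are names chosen here, and each web-resource-collection is checked on its own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the message, wrapped in a <web-app> root.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""

STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

def local(tag):
    # Strip an XML namespace so namespaced and plain web.xml files both work.
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def texts(elem, name):
    # Text of every descendant element called `name`.
    return [(e.text or "").strip() for e in elem.iter() if local(e.tag) == name]

def audit(web_xml):
    """Return (url_patterns, finding) tuples for one web.xml document string."""
    root = ET.fromstring(web_xml)
    findings = []
    form_login = "FORM" in texts(root, "auth-method")
    for sc in children(root, "security-constraint"):
        confidential = "CONFIDENTIAL" in texts(sc, "transport-guarantee")
        for wrc in children(sc, "web-resource-collection"):
            patterns = tuple(texts(wrc, "url-pattern"))
            listed = {m.upper() for m in texts(wrc, "http-method")}
            # No <http-method> at all means the constraint covers every method.
            missing = sorted(STANDARD_METHODS - listed) if listed else []
            if missing:
                findings.append((patterns, "uncovered methods: " + ", ".join(missing)))
            if form_login and not confidential:
                findings.append((patterns, "FORM login without CONFIDENTIAL transport"))
    return findings

if __name__ == "__main__":
    for patterns, finding in audit(WEB_XML):
        print(patterns, finding)
```

Both findings clear when the <http-method> elements are dropped from the collection and a <user-data-constraint> with <transport-guarantee>CONFIDENTIAL</transport-guarantee> is added to the constraint.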