struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: Struts2 with Authentication & Security
Date Fri, 21 Aug 2009 15:07:16 GMT

i had a devil of a time coaxing mvn package to build proper jars until i renamed the failing
tests e.g:

ren $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java

$SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java.old

ren $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java

$SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java.old

ls -al $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt

08/21/2009  09:23 AM             5,580 DefaultSessionManagerTest.java.old
08/21/2009  09:23 AM             2,411 DelegatingSessionTest.java.old
               2 File(s)          7,991 bytes

ren 
$SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/.svn/text-base/DefaultSessionManagerTest.java.svn-base
$SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/.svn/text-base/DefaultSessionManagerTest.java.svn-base.old


ren 
$SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java.svn-base


$SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java.svn-base.old


ls -al $SHIRO_HOME/trunk/core/src/test/java/org/apache/shiro/session/mgt/.svn/text-base
08/21/2009  09:23 AM             5,580 DefaultSessionManagerTest.java.svn-base.o
ld
08/21/2009  09:23 AM             2,411 DelegatingSessionTest.java.svn-base.old

$SHIRO_HOME/trunk/core>mvn package

i now have requisite plugin jars located at
 Directory of $SHIRO/trunk/core/target

08/21/2009  10:21 AM         1,602,462 shiro-core-1.0-incubating-SNAPSHOT-javado
c.jar
08/21/2009  10:17 AM           407,412 shiro-core-1.0-incubating-SNAPSHOT-source
s.jar
08/21/2009  10:17 AM           265,537 shiro-core-1.0-incubating-SNAPSHOT.jar

Martin Gainty 
______________________________________________ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
 
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten
wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist
unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet
keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen
wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire
prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe
quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information
seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les
email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune
responsabilité pour le contenu fourni.




> Subject: RE: Struts2 with Authentication & Security
> Date: Fri, 21 Aug 2009 08:14:25 -0500
> From: tkofford@ku.edu
> To: user@struts.apache.org
> 
> I know that Spring Security (ACEGI) gets a lot of publicity, but there are other alternatives
out there too.
> Last year I implemented a struts2 based system using Apache Shiro (formerly jsecurity),
and found it very easy to learn an implement. On their website, http://cwiki.apache.org/SHIRO/
 they have lots of documentation and examples.
> 
> Todd Kofford
> tkofford@ku.edu
> University of Kansas - IT
> 
> "the continuum transfunctioner is a very mysterious and powerful device and it's mystery
is only exceeded by it's power"
> 
>  
> 
> -----Original Message-----
> From: Paweł Wielgus [mailto:poulwiel@gmail.com] 
> Sent: Friday, August 21, 2009 7:10 AM
> To: Struts Users Mailing List
> Subject: Re: Struts2 with Authentication & Security
> 
> Hi all,
> "a few years ago" means also that this solution still works.
> But from my point of view, inteceptor might be better if You are in a situation
> where You are not the only programmer
> or You are laizy and have bad memory - just like me.
> If so read this:
> http://poulwiel.blogspot.com/2009/01/intercepting-all-actions-inside-my-app.html
> 
> Or use Spring Security (ACEGI).
> 
> Best greetings,
> Paweł Wielgus.
> 
> 
> 
> 2009/8/21 Lee Clemens <java@leeclemens.net>:
> > A few years ago, huh? You make it seem like such an archaic approach :)
> >
> > My question, I guess using a servlet/interceptor to do the same as this
> > abstract class would conform more with the 'accepted' methodology? (I did
> > play around with a servlet, but couldn't get it to redirect correct - I
> > admit I haven't looked into Interceptors too deeply.)
> >
> > -----Original Message-----
> > From: Wes Wannemacher [mailto:wesw@wantii.com]
> > Sent: Thursday, August 20, 2009 8:11 PM
> > To: Struts Users Mailing List
> > Subject: Re: Struts2 with Authentication & Security
> >
> > I used this same approach for an app I worked on a few years ago.
> > There is nothing wrong, in fact its simplicity is a bit of an
> > advantage. If you can fit your needs into this type of setup then you
> > will probably be happy that it is so easy to follow.
> >
> > On 8/20/09, Lee Clemens <java@leeclemens.net> wrote:
> >> This may not be perfect, and I welcome any criticism to this approach:
> >>
> >> abstract class extends ActionSupport which overrides execute() to
> >> authenticate requests and then return a call to abstract method, say,
> >> doAction(), or error if they are not authenticated/timed out.
> >>
> >> Each action which needs to be protected simply extends the above abstract
> >> class and implements doAction(), just as you would normally override
> >> execute().  Make execute() final in the abstract class...
> >>
> >> Add another abstract method to get a group authentication level
> > (implemented
> >> by each action's class) and you have a fairly robust and straightforward
> >> authentication scheme, IMHO
> >>
> >> With proper negative testing, you can be certain any developer didn't
> > forget
> >> to extend/implement the 'security' action for any given action that should
> >> be restricted
> >>[snip]
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 

_________________________________________________________________
Hotmail® is up to 70% faster. Now good news travels really fast. 
http://windowslive.com/online/hotmail?ocid=PID23391::T:WLMTAGL:ON:WL:en-US:WM_HYGN_faster:082009
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message