struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Denis Cabasson <denis.cabas...@gmail.com>
Subject Re: Login redirection
Date Wed, 28 Apr 2010 01:01:18 GMT
Hi Mark,

To implement security across multiples applications (Struts or non 
Struts), you will have to rely on the container. The container is really 
the best way to go if you want to implement a cross applications sign-on.

Now, about your specific question, I guess we are missing some specifics 
to be able to answer. You will basically have all your login pages 
(L1,L2,L3... ) and I will assume that they all point to that central 
authentication component. Or do you call the component that does the 
authentication another way? Is it a web service? A post to a URL? And 
after that, this component will probably accept a parameter telling him 
where to redirect the user.

Which authentication component are you planning on using? We are using 
Get Access from Entrust, that has this single sign on and authentication 
capabilities is your product the same type of product?

Denis

Le 2010-04-27 16:26, Mark Hansen a écrit :
> I am working on a Struts 1.x application that has a number of login pages L1, L2, L3,
...  If a non-authenticated user requests a page - P - that requires authentication, the user
will be redirected to one of these login pages L1, L2, L3, ... - depending on the context.
 Once authenticated, he proceeds to page P.
>
> Now, authentication is being centralized across a variety of applications (Struts and
non-Struts).  All the login pages from my application (L1, L2, ...) need to be redirected
to this central security application (outside my control) for authentication.  Once the redirected
user is authenticated by the central security application, the user needs to be sent back
to his originally requested page - P.
>
> What would be the best way to securely implement this redirected authentication in the
Struts 1.x framework?
>
>    


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message