
RE: [cinjug-users] J2ee Container Managed Web Security and Struts

To: "'John Olmstead'" <jolmstead2k@xxxxxxxxx>
Subject: RE: [cinjug-users] J2ee Container Managed Web Security and Struts
From: "Abraham Fathman" <abraham@xxxxxxxxxxx>
Date: Fri, 21 Apr 2006 09:49:33 -0400
Cc: <users@xxxxxxxxxx>
Delivered-to: mailing list users@cinjug.org
In-reply-to: <20060421123414.21713.qmail@web54303.mail.yahoo.com>
Mailing-list: contact users-help@cinjug.org; run by ezmlm
Thread-index: AcZlQBO7U5Eba6XbTYqi94qWZ4w2pAACddRQ
Hey John,

I haven't looked at container based security in over 5 years so my info
could be out of date... but I have found that container based never
satisfies my requirements... as it appears that you are discovering...

Both of your ideas - a Filter or a Tag could do their part.

Do you have portions of pages that you want to show up if the user was
logged in? 
If that is the case: Tag.
If a whole page or section of the site requires login: Filter.

Good luck... if you figure out a good way to make container managed do what
you want let us (me) know.

Abraham Fathman

-----Original Message-----
From: John Olmstead [mailto:jolmstead2k@xxxxxxxxx] 
Sent: Friday, April 21, 2006 8:34 AM
To: Cinjug
Subject: [cinjug-users] J2ee Container Managed Web Security and Struts

Ladies and Gentlemen;

I am struggling to formulate a solution plan to implement a J2ee custom web
security model to a struts based application.  The security mapping is
fairly standard with protected url mappings, form based authentication,
LDAP authentication and DB authorization.

Container managed security is directory based as protected areas are mapped
with url mappings.  Problem is that struts will gladly render protected
resources to unauthenticated/unauthorized users.

Two solutions come to mind.  One is a custom tag, implemented on every jsp
page in the protected areas to check authentication and authorization.  The
second is a servlet filter that intercepts the request between the action
class to the view resource (jsp).  Not all areas of the application are
protected.

I have surfed online developer resources and do not find there to be a lot
of information on this topic.  In fact, I find that most of the struts demo
apps out there are using application managed security.

I'd appreciate hearing about any experiences you may have on implementing
J2ee web security on any mvc framework.  It certainly appears to me that
J2ee web security was intended for model 1 web applications and not model 2
(mvc).

Thanks in advance for your comments.


John Olmstead
(859) 380 2743 

John Olmstead
jolmstead2k@xxxxxxxxx
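
Added example, not part of either message in this thread: a sketch of the servlet-filter option discussed above. Per the Servlet specification, security-constraint URL patterns are enforced on client requests only, not on RequestDispatcher forwards, so this filter is mapped to the FORWARD dispatch as well and reuses the container's own login state. The class name, init-param names, role and paths are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example (hypothetical names). Assumed web.xml mapping, Servlet 2.4+:
 *   <filter-mapping>
 *     <filter-name>protectedViewFilter</filter-name>
 *     <url-pattern>/protected/*</url-pattern>
 *     <dispatcher>REQUEST</dispatcher>
 *     <dispatcher>FORWARD</dispatcher>   <!-- covers action-to-JSP forwards -->
 *   </filter-mapping>
 */
public class ProtectedViewFilter implements Filter {
    private String requiredRole; // init-param, e.g. "member" (assumed role name)
    private String loginEntry;   // init-param, e.g. "/protected/home.do" (assumed);
                                 // must itself sit under a <security-constraint>
                                 // so the container starts its form login

    public void init(FilterConfig cfg) throws ServletException {
        requiredRole = cfg.getInitParameter("requiredRole");
        loginEntry = cfg.getInitParameter("loginEntry");
        if (requiredRole == null || loginEntry == null) {
            // Fail closed: refuse to start with an incomplete configuration.
            throw new ServletException("requiredRole and loginEntry are required");
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (request.getUserPrincipal() == null) {
            // Nobody has authenticated with the container on this session.
            response.sendRedirect(
                response.encodeRedirectURL(request.getContextPath() + loginEntry));
            return;
        }
        if (!request.isUserInRole(requiredRole)) {
            // Authenticated, but the container reports no matching role.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Keep protected views out of shared and browser caches.
        response.setHeader("Cache-Control", "no-store");
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

Keeping the JSPs themselves under a path that a security-constraint also covers (or under WEB-INF) stops direct requests for the view, while the filter handles the forwarded case.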
