
Struts Authentication

Status
Not open for further replies.

jollyplay

Programmer
Dec 16, 2003
90
Hello,

I need all requests to go through one common
area for authentication. Can you tell me how I can
do this in Struts? Does Struts have any support class?

Thanks in advance,

with regards,
balachandar.
 
Your best bet is to use the Tomcat Realms container authentication. It has some limitations but works in the general case.

Here is a link:


Here is an example of how mine is set up. In my server.xml I have this:

Code:
		<Realm className="org.apache.catalina.realm.JDBCRealm" debug="0"
		driverName="org.firebirdsql.jdbc.FBDriver"
		userNameCol="user_name"
		connectionName="sysdba"
		userTable="users"
		userCredCol="user_pass"
		validate="true"
		connectionURL="jdbc:firebirdsql:localhost/3050:C:/test.gdb"
		userRoleTable="user_roles"
		roleNameCol="role_name"
		connectionPassword="masterkey"/>

This tells Tomcat 'Create a security realm and tie it to this specified JDBC data source'. The URL above will give you multiple ways to manage authentication including database, flat file and LDAP. I use a database.

Then, in my web.xml I put this code:

Code:
<security-constraint>
	<web-resource-collection>
		<web-resource-name>Protected Area</web-resource-name>
		<url-pattern>*.jsp</url-pattern>
		<url-pattern>*.do</url-pattern>
		<!-- No http-method elements: the constraint then covers every method.
		     Listing only DELETE, GET, POST and PUT leaves others such as HEAD unprotected. -->
	</web-resource-collection>
	<auth-constraint>
		<role-name>admin</role-name>
	</auth-constraint>
	<user-data-constraint>
		<!-- NONE permits plain HTTP; CONFIDENTIAL requires an SSL/TLS connection -->
		<transport-guarantee>NONE</transport-guarantee>
	</user-data-constraint>
</security-constraint>


<login-config>
	<auth-method>FORM</auth-method>
	<realm-name>Example Form-Based Authentication Area</realm-name>
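	<form-login-config>
		<form-login-page>/login.jsp</form-login-page>
		<form-error-page>/error.jsp</form-error-page>
		<!-- form-default-page is not an element of form-login-config in the
		     servlet specification; a validating parser will reject it -->
		<form-default-page>/projects.jsp</form-default-page>
	</form-login-config>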
</login-config>

This tells Tomcat to take any files ending in .do or .jsp and secure them by a forms-based authentication. Tomcat then automatically uses my realm set up in server.xml to authenticate. My login.jsp file looks like this:

Code:
<form method="POST" action="j_security_check">
User:<input type="text" name="j_username"><BR>
Pass:<input type="password" name="j_password"><BR>
<input type="submit" value="Log in">
</form>

Caveat: This only works if you go to a page that is authenticated; never go directly to login.jsp or it won't work. The reasons for this do make sense but it is a bit inconvenient.

If Tomcat realms are a bit too specific to Tomcat or you are using a different system, check out Security Filter; it's a library that is not specific to a container and much more feature-rich.
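An added example, not part of the original posts: a small Python audit of a web.xml for two properties of the kind of security-constraint shown in this thread, namely an explicit http-method list (which leaves every unlisted method unconstrained) and a transport-guarantee of NONE on an area that requires login. The function name `audit_web_xml` and both sample descriptors are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

# Methods checked for coverage; a container may accept others as well.
STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

def find(elem, name):
    """Descendants called `name`, ignoring any XML namespace (2.3 DTD or 2.4+ schema)."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def text_of(elems, default=""):
    return (elems[0].text or "").strip() if elems else default

def audit_web_xml(xml_text):
    """Return (constraint name, finding) tuples for a web.xml document string."""
    findings = []
    for sc in find(ET.fromstring(xml_text), "security-constraint"):
        if not find(sc, "auth-constraint"):
            continue  # this constraint does not require a role, so no login is involved
        label = text_of(find(sc, "web-resource-name"), "(unnamed)")
        listed = {(m.text or "").strip().upper() for m in find(sc, "http-method")}
        if listed:
            # With an explicit list the constraint applies only to those methods.
            gap = sorted(STANDARD_METHODS - listed)
            findings.append((label, "unconstrained methods: " + ", ".join(gap)))
        # A missing user-data-constraint behaves like NONE.
        if text_of(find(sc, "transport-guarantee"), "NONE").upper() == "NONE":
            findings.append((label, "transport-guarantee NONE: login may travel over plain HTTP"))
    return findings

# Constructed descriptors for the demonstration (not taken from a real deployment).
TEMPLATE = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      <url-pattern>*.do</url-pattern>
      {methods}
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>{guarantee}</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""
LISTED = "".join(f"<http-method>{m}</http-method>" for m in ("DELETE", "GET", "POST", "PUT"))
WEAK = TEMPLATE.format(methods=LISTED, guarantee="NONE")
HARDENED = TEMPLATE.format(methods="", guarantee="CONFIDENTIAL")

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_web_xml(doc) or "no findings")
```

CONFIDENTIAL only takes effect when the container has an SSL/TLS connector configured, so the hardened descriptor assumes one exists.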
 