4 Replies Latest reply on Feb 2, 2002 8:05 PM by Luke Taylor

    Struts and JAAS

    zzz Newbie

      Is it possible security roles to be made with a strut instead of servlet? Where do we need to put the <security-domain>?

        • 1. Re: Struts and JAAS
          zzz Newbie

          I mean, normally the &lt;security-domain&gt; is in the jboss-web.xml. Where it needs to be, if we have a strut?
          I appreciate!

          • 2. Re: Struts and JAAS

            Your question doesn't seem to make sense. Struts is a framework which uses servelts and JSPs. The fact that your web application uses it should be irrelevant.

            Why do you think it would change any of the security configuration stuff?


            • 3. Re: Struts and JAAS
              zzz Newbie

              Hey ,
              Thank you very much! I appreciate your help.
              OK, I'm using struts instead of servlets.
              The servlets are described in the web.xml and the struts are described in struts-config.xml. That's what is confusing me.
              When I try to create an EJB I have the following error

              Insufficient method permissions: principal=null.

              The user is authenticated with the role Role instead of administrator as it should be.
              I think that on the EJB side the method permissions are OK, so the problem is somewhere in the client side.
              I have in JBOSS_DIST/conf the auth.conf with
              example1 {
              org.jboss.security.auth.spi.UsersRolesLoginModule required

              and in JBOSS_DIST/client

              example1 {
              org.jboss.security.ClientLoginModule required;

              Do you have an idea what the problem might be?

              • 4. Re: Struts and JAAS


                You say "that's what is confusing you" - do you mean you don't quite understand struts or you just don't know how to set up the security stuff?

                What do you mean by "The user is authenticated with the role Role instead of administrator" ?

                Two things to check:

                1. Do you get a login box (or form) when you try to access a protected url?

                2. Have you setup a security domain for your app in your jboss-web.xml?

                If you haven't done the latter then you will be using the default "other" configuration. If this doesn't have a
                setting for "unauthenticatedIdentity", and you haven't logged in then the principal will be null when you try to access your EJBs.

                Another thing - the JBOSS_DIST/client auth.conf file is irrelelevant for your web app.