Can anyone advise on any tutorial for 'security-management' in terms of users/permissions/subject/groups/roles etc?
I'm fairly new to this subject and wonder where to start. I read about JAAS but it had so much irrelevant info to security-management that I was overwhelmed.
I have a struts application in which I want to give user permission, to view some record and to provide flexibility to 'admin' to assign roles.
JAAS is a general-purpose framework that's often overkill, especially for web apps that provide a mechanism based on users/roles/permissions defined in the servlet spec.
The http://faq.javaranch.com/java/TomcatFaq has some pointers on this in the "How do I implement security for my web application ?" section (it's applicable to other servlet containers as well).
Peter,
Have you had a look at acegi? I'm currently hooking it up to a struts based application. The learning curve is steep but manageable. However it takes care of a lot of things you have to consider when wrapping a security layer around a web app.
regards, Mo
ps- If you do pursue the acegi approach, have a look at Spring in Action book by Craig Walls. It has a good chapter on it.
[ February 20, 2008: Message edited by: mo sayed ]