If possible, I think that there are a lot of advantages to using container-managed security. However, it depends on how well you authorization needs fit. If you are using LDAP for your back end security data store, then Weblogic CMA works well with this. I have not used Weblogic CMA against RDBMS but I am sure it works well for this as well provided that your data model is a close match. However, if your authorization rqmts are based on more than just role (for example, let's say a user's role plus the department he belongs to) than making CMA fit becomes more difficult. That is where something SecurityFilter works well. I have researched SecurityFilter (http://securityfilter.sourceforge.net) and I think it can be quite useful in bridging the gap between container-provided security and a custom security policy. One thing for sure is that it will be more portable across App Servers, than say, providing a Weblogic Custom Realm. However, I have not SecurityFilter in a production environment so YMMV.
Bill as as wrote:
Hi,
We have a web app implemneted in struts and deployed in Weblogic 7.0.We are planning to implement/consider filter frameworks for allowing role based access into the web app.(may be including the security filter framework.)Any suggestions on how this can be done and design decisons....
Role based access meaning different users could get access only to different set of pages and anot all-trying tos eparate authentication from jsp's (business logic out of jsp's and into the filter framewrok/back end authentication mechanism)
Thanks in advance.
Sam.
Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
