francis pouatcha wrote:
> Programaticaly creating users and principal (in the bean code) is a bad
> practice.
[snip]
> > Do principals represent new dynamic users that are created as
> > part of business processes, or do they represent system/operations-level
> > users?
>
> I'd choose the first (business process users).
So given that you think that principals *do* represent new dynamic
users, why can't I create them programmatically? If they're new and
dynamic, then how can I possibly NOT create them programmatically?
> I'd couple EJB and Servlet authentication and leave authenticatication issues
> to my EJB- and my WEBserver (whenever possible). Coding authentication into
> your servlet kills the portability of your web components.
I've now heard this from lots of people. I still don't know what it
means.
If I have a piece of HTML that looks like this:
<FORM ACTION="http://my.server.com/LoginServlet">
<INPUT TYPE=TEXT NAME="username">
<INPUT TYPE=TEXT NAME="password">
</FORM>
...then how does my webserver know that authentication should take
place? I fail to see how this is possible.
Cheers,
Laird
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
