> Right. It's getting there, but even this isn't right. For example,
> although I can designate a page as protected, what if what I really want
> to say is "render this page THIS way if the user IS logged in, and THAT
> way if the user ISN'T logged in". Is that a protected resource or not?
You could probably use the "error-page"-directive to specify a handler that
handles the "Not Authenticated"-error-message. Or something like that.
Anybody done this?
> I've gotten private emails that say (a) JAAS will be perfect for
> user-form-based authentication, and (b) JAAS will not at all be
> applicable for user-form-based authentication. From this I conclude
> that JAAS is not yet understood by the user community, let alone by the
> folks writing the specifications. Consequently I'm ignoring it for now
> until this whole spec-to-spec communication issue is resolved (with my
> luck long after my deadline...sigh...this industry...).
Yeah, your probably right. JAAS is at most a future-thingie.
I think the spec-to-spec communication issue is somewhat resolved at Sun. At
least the guys doing the enterprise-specs is talking to each other now.
(I've seen some stuff in specs like JMX that would need to be better
integrated with J2EE (and/or JINI), and, yeah, then we got the JINI-guys. I
wonder if the J2EE and the JINI-guys ever met... :)
> > I've gotten what you're talking about to work on WebLogic 4.5. Of course
> > this is WebLogic-specific.
>
> Good; could you be kind enough to send me a quick sample code snippet?
> I'd be eternally grateful.
Yeah, I'll send it to you privately so I don't get beat up for including
files in high-volume mailing-list. If anybody else wants this stuff, just
contact me.
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
