You could cache user profile information in http session state or a stateful
session bean. That information would serve as a filter for which pages are
usable by the user.
Unfortunately EJB authentication out of the box is probably not appropriate
for this senarion, given that your need to ask the user/role/acl question at
the servlet/JSP level (bouncing back and forth to a session bean to do this
is some overhead you might not want to incur).
Use the right tool for the right job...
-Chris.
> -----Original Message-----
> From: Jon [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, December 08, 1999 8:21 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Are we mad?
>
> Hi Rickard,
>
> I read your interesting reply to in the group.
> One problem that I face is the authentification and the impact it has
> on our EJB/servlet/jsp design.
>
> The problem, simply stated, is:
> - Say we have 10 modules of 100 static pages and 10 modules of 100 dynamic
> pages.
> - We have to dynamically (depending on what name you logged in under)
> grant access
> to the various pages.
> - One obvious way to do this is to put a servlet in, autho, and *all*
> accesses go
> through this servlet (which redirects if necessary) - (if session exists
> continue else
> go to login page)
>
> My question is, how do people usually do authenticiation of applications
> and
> vast quantities of static/dynamic pages, and how scalable is it.
>
> Would be grateful for any input,
> Regards,
> Jon
>
> ==========================================================================
> =
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
