Laird Nelson wrote:
francis pouatcha wrote:

I believe what you are referring to is related to the following statement that is from the j2ee spec:
> Programmatically creating users and principal (in the bean code) is a bad
> practice.
[snip]
> > Do principals represent new dynamic users that are created as
> > part of business processes, or do they represent system/operations-level
> > users?
>
> I'd choose the first (business process users).

So given that you think that principals *do* represent new dynamic
users, why can't I create them programmatically? If they're new and
dynamic, then how can I possibly NOT create them programmatically?

> I'd couple EJB and Servlet authentication and leave authentication issues
> to my EJB- and my WEBserver (whenever possible). Coding authentication into
> your servlet kills the portability of your web components.

I've now heard this from lots of people. I still don't know what it
means.

If I have a piece of HTML that looks like this:
<FORM ACTION="http://my.server.com/LoginServlet">
<INPUT TYPE=TEXT NAME="username">
<INPUT TYPE=TEXT NAME="password">
</FORM>

...then how does my webserver know that authentication should take
place? I fail to see how this is possible.
Since this client has not yet authenticated itself to the application
environment,
the server responsible for delivering the web portion of the application
(hereafter referred to as "web server") detects this and invokes
the appropriate
authentication mechanism for this resource.
The spec will handle the case where you don't want to require login until the user wants to access a protected resource. But what if you want the user to log in before accessing a protected resource? Looks like that Servlet will have to be written in a container-dependent way. But it would be nice if there were a standard way to do that.
Cheers,
Laird
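
An added illustration, not part of the original messages: a web.xml deployment-descriptor fragment for the container-managed form login that the quoted spec passage describes, where the container intercepts the first request to a protected resource and runs the login itself. The URL pattern, role name and page paths are assumptions chosen for the example.

```xml
<!-- Added example: declarative (container-managed) form login.
     /secure/*, the role "customer" and the page paths are assumed names. -->
<web-app>

  <!-- Which resources are protected, and who may reach them. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>customer</role-name>
    </auth-constraint>
    <!-- Require a protected transport so the password is not sent in clear. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- How the container authenticates an unauthenticated client that
       requests something under /secure/*. No servlet code is involved. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/login-error.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>customer</role-name>
  </security-role>

  <!-- /login.html posts to the container's reserved action, using the
       field names fixed by the Servlet specification:

       <FORM METHOD="POST" ACTION="j_security_check">
         <INPUT TYPE="TEXT" NAME="j_username">
         <INPUT TYPE="PASSWORD" NAME="j_password">
       </FORM>
  -->
</web-app>
```

This covers the case the reply says the spec handles: login is triggered by a request for a protected resource, and the component itself contains no authentication logic.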
