> On May 20, 2015, at 9:49 AM, Emmanuel Lécharny <[email protected]> wrote: > > Le 20/05/15 16:06, Oleksandr Bodriagov (Polystar) a écrit : >> Hi Shawn, >> >> I was thinking about making a Fortress .rpm that would include core,realm, >> web, and rest components. >> My idea was to deploy everything on embedded Jetty and have one executable >> jar instead of many different wars and a standalone Tomcat installation. > > I'm quite sure you can do the exact same thing using Tomcat instead of > Jetty.
A good idea but a couple of concerns: First, we have not implemented the Jetty realm interface (for javaEE security). I have tested fortress-web in Jetty using its standard file realm. The file realm is not good for anything other than test scenarios as credentials are stored in clear text inside a file. Another problem relates to the javaEE security processing. The user session created by the container during authentication can’t be passed down into the web app (in Jetty). This requires the app to create a 2nd rbac session. While it works, it’s inefficient. These concerns lead me to echo Emmanuel’s recommendation and use Tomcat if possible. Shawn [email protected]
