An oldie but still relatively a goodie:
http://www.javaworld.com/javaworld/jw-07-2004/jw-0726-security.html
Obviously custom security is much more powerful these days with HTTP
filters and AOP. It should be fairly simple to write a filter that
looks at the URIs and sends users to the login page depending on the
state of the session. Likewise, you could probably easily write an
interceptor for methods to verify the user has access to specific
services/methods.
I wrote a simple security implementation for JCatapult and it took a
few days total to write. You'll need some filter handling, a
ThreadLocal, and session storage. Other than that, there isn't much to
it. You could then use the ThreadLocal for the AOP handling as well.
-bp
On Jul 27, 2009, at 6:51 PM, Dhanji R. Prasanna wrote:
> Hi Ricardo,
>
> You are right the ServletModule does not implement the security
> mechanisms available in web.xml. This is mostly because it is not
> particularly generalizable. Most applications provide their own
> application layer security, using a filter to lock out certain URLs,
> etc.
>
> The security constraint system requires deep integration with the
> servlet container to provide in any useful fashion (even appengine
> does not fully implement this, as you may be aware). So we have
> deliberately stayed away from it in GS2.
>
> Short answer: yes, you can simply fallback on web.xml for this part,
> or apply a custom filter that does the securing the way you require
> it (recommended).
>
> Regards,
> Dhanji.
>
> On Tue, Jul 28, 2009 at 2:14 AM, Ricardo Rocha
> <[email protected]> wrote:
>
> Hi.
>
> I'm using Guice in an application running against appengine. I've
> followed the instructions and it works fine, but i couldn't figure out
> the equivalent of the <security-constraint> available in the
> appengine's web.xml in the ServletModule configuration.
>
> I mean this:
> http://code.google.com/appengine/docs/java/config/webxml.html#Security_and_Authentication
>
> Is there a way to pass it or do i need the web.xml to use the
> appengine's built-in auth?
>
> Thanks in advance,
> Ricardo
>
>
>
> >
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"google-guice" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/google-guice?hl=en
-~----------~----~----~----~------~----~------~--~---
