In terms of authentication, we agree that what the servlet spec offers is total
nonsense, and we are looking into implementing something nonbroken using Tomcat
realms.
For authorization, the combination of EJB3 method-level security with the
isUserInRole component, ie. rendered="#{isUserInRole('admin')}" seems to me to
do the trick in terms of all the requirements I've seen so far, but I would not
be at all surprised if I'm missing something.
I'm really interested to hear more about what people think Acegi offers in
terms of authorization that can't be handled using EJB3 security.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3940714#3940714
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3940714
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
