Well, the thing is, no-one has yet convinced me that we are so very deficient 
;-) I mean, I am totally prepared to believe we are deficient, but I need to 
know _how_ we are deficient.

I have been asking and asking for someone to explain what it is about EJB3 
role-based security @RolesAllowed that does not let them do what they want to 
do. No-one has yet given me a straight answer....

(I mean, I have a clue of some things, but I need concrete real-life examples.)

Well, I know that there is one problem:

Servlet spec authentication is totally broken and crap. So people have to write 
their own authentication layer. And then, people have trouble integrating their 
homegrown authentication with Java EE security.

However, it turns out that this problem is solvable: you can write a servlet 
filter that grabs your principal from the HttpSession, and calls directly to 
JAAS to establish the association b/w the request and the principal. Then you 
can take advantage of EJB3 authorization stuff.

So, what I need to know is: what is this magical stuff that Acegi has that Java 
EE authorization does not have?

(I don't think it's possible to just have a Seam component take advantage of 
Acegi via Spring - the whole interceptor model is different.)

(People working actively on Seam are: me, Shane, Thomas, Norman, with Jacob 
advising. But note that none of these people are anything like fulltime on the 
project.)





View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954894#3954894

_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user