>However, to use this in a real application, we would still need a
>programmatic API for adding new user/password/role data from a servlet
>(hopefully using an API that is standard/portable across servlet engines).
>Does this exist somewhere else in the J2EE spec?

I have been wondering similar things myself recently.

Turns out that Role based security is pretty popular at the moment for J2EE,
etc, but that generic object based security using ACLs hasn't really been
explored much yet, and that the admin interface in particular has been
"forgotten" for now. This is a natural consequence of the JDK requirements
which have driven java security features so far.

If you (download and) read the J2EE APM, they basically admit that the API
for administering users, etc. hasn't been thought out. They actually use the
same "container specific" com.sun.server.realm.Realm API that the
JavaWebServer used way back in the day. You can download JWS2.0 eval from
the Sun web site which includes the applet to admin all this stuff and the
docs if you are interested.

Following servlets (and SSL and ACLs, which seem to have come from JWS),
it's a pretty good guess that Realms will eventually make their way into the
java/x package in some way, shape or form, so perhaps using Realms is the
closest you can get to a standard API for the moment.

BTW, I recently tripped over a java implementation of NFS which uses the ACL
classes in an interesting fashion which might also be useful for research.

http://www.radwin.org/michael/projects/jnfs/paper/jnfs.html

Cheers

Geoff
