Craig R. McClanahan wrote:
>For the 2.2 API, what you really want is a way to connect your servlet
container
>to this security realm. At the moment, that's going to be a per-container
issue,
>but remember -- this only affects deployment of the servlet container
itself,
>*not* the applications you run in it.
Ahem. This is only correct if your servlet has a "closed" user group - i.e.
it doesn't want to add or delete users itself.
I can imagine the opposite is a pretty common requirement. Even the J2EE
demo app needs to use this "container specific" functionality!
>Should this API be standardized? Perhaps, but it's going to be quite a
challenge
>to encompass all of the nuances of legacy security realms in a single
generalized
>API. This might be an area better left non-standardized, to avoid stifling
>functionality needed for particular application requirements --
particularly when,
>in many cases, the legacy functionality already exists and is in use. If
the
>general API did not include some particular functionality that was needed,
this
>would be a strong disincentive to using Java servlet technology for that
app, and
>that would be a shame.
<humour>
This train of thought sounds a bit like it was dreamed up by the M$
marketing dept if you ask me!
</humour>
IMHO, forcing web apps with an "open" user group to be non-portable would be
a big blow for J2EE's usefulness. I'm hoping that Sun will "fix" this
problem in future J2EE releases...
Cheers
Geoff
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
