Craig R. McClanahan wrote:
>The sweet spot for a common API for user administration (adds, deletes,
changes)
>is where there is no existing legacy system that you can integrate with.
My
>experience with web apps so far (3+ years) says that the former case (need
to
>integrate with a legacy security system) has happened much more often than
the
>latter.
For those that integrate with legacy security systems, perhaps they don't
need the ability to add a user. But the rest of us will, and even some of
the people with legacy security systems will want to use the admin APIs,
depending on their design. So I think it's a large enough group to be
considered.
Also, both types of apps may need the ability to add "properties" to a user,
eg security details specifically related to that app. Eg in the J2EE APM
they invented a entity bean & RDBMS table to store per-user details that
they couldn't store in the Realm. Perhaps this is a common requirement that
ought to be considered in this discussion?
>It's worse than that ... they modified Tomcat internals as they were
building it
>to add "J2EE RI"-specific hooks! This is one of the things we have to undo
>somewhat, to make Tomcat a candidate for embedding in other servers.
Yeah, I saw the "don't modify - j2ee" messages in the code. Bit of a worry!
Cheers
Geoff
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
