> It seems to me that the things that go in WAR should be very tightly
> controlled indeed.
>
> If a particular servlet wishes to do authentication in a strange and
> wonderfull way then it can, but this doesn't need to go in the WAR.
>
> The servlet can just do it.
>
> Unless you mean something else?
No, I don't mean this.
What I'm looking for is a hook for a component (or a servlet) that can
implement the authentication for the application. I'm not asking for
specialized authentication for specific servlets.
The current spec leaves the above to tool-vendors. I can imagine a GUI
to create users, roles, etc in the admin modules of various servlet
engines. Imagine a propeitary enterprise-wide authentication system!
Currently, the provision for form-based authentication does not simplify
integrating such systems with servlets.
Regards,
Subrahmanyam
------------------------------------------------------------------------------------
Dr. Subrahmanyam A.V.B.
http://www.Subrahmanyam.com
------------------------------------------------------------------------------------
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
