On Sep 9, 2008, at 2:08 AM, VANKEISBELCK Remi wrote: > Hi Myles, > > You have several ways to achieve this : > 1/ Use the container features (all of them do support BASIC and FORM > authentication), it's in the spec ;-P > 2/ Use a specific authentication (and possibly authorization) > library like Acegi > 3/ Implement your own form, controller and filter > > The simplest one IMHO, if your requirement is only to provide secured > access to your webapp, is 1/ : it's only about configuring your > web.xml, and registering the users in your app server. > Then, if you want to bind your own users/roles storage, 2/ is > probably good. > I wouldn't go for 3/... redeveloping authentication/authorization is > quite a wheel to reinvent :)
Container based FORM authentication works pretty well for a lot of cases. The primary nit against it is that the roles are "hard coded" in to your web app. Specifically, you can't create a role on the fly without redeploying. But, in truth, it really works quite well for a lot of situations, and is pretty simple to set up. If you have your own User Database, most every container has a "JDBC Realm" that you can leverage. The game there is simply to make sure your DB can provide what the container needs (which is typically little more than username, password, and role list -- we've used a SQL VIEW in the past to make that work). Container authentication also works well with LDAP, using groups as roles. As for 2 vs 3, depending on the sophistication, it's a toss up. A simple filter ala BugZooky isn't that hard, and Acegi is notorious for being a pain to set up (especially if you're not using/have no familiarity with Spring). If you have a reasonable number of roles (< 10), I'd try working with container security. Regards, Will Hartung ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Stripes-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/stripes-users
