On 09-09-2008 at 08:19, Will Hartung wrote: > > Container based FORM authentication works pretty well for a lot of > cases. The primary nit against it is that the roles are "hard coded" > in to your web app. Specifically, you can't create a role on the fly > without redeploying.
Actually, there is a special role called * that represents "any role". You can use this to demand that for certain pages a user is logged in, and then you can use any standard or custom access control scheme that builds on that. In fact, you can even limit it's use to only demanding the container to authenticate the user. Then have your servlet/filter/... check access, and return a 403 HTTP error if access is not allowed (as you know the user is already authenticated by the container). Oscar -- ,-_ DRM = Customer Control = Customer Lock-in = /() ) Death of the free market. (__ ( =/ () ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Stripes-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/stripes-users
