The key for me is: "tomcat container managed security". That's not portable. Surely it's less complex than what I was talking about, but when you need something special like what you said (more control over a login), you need to implement a tomcat specific realm, and all your efforts go to a dead end. JSecurity, on the other hand, is Filter based (as Spring Security), and thus, portable. It takes more time to implement, but at least it won't be a blocker when your boss comes and says that you need and extra login step. Not long ago, I went for the tomcat realm solution, and now... please, don't remind it to me ;)
-----Mensaje original----- De: Lionel [mailto:[email protected]] Enviado el: martes, 31 de marzo de 2009 11:17 Para: [email protected] Asunto: Re: [Stripes-users] Stripes Security "now what" question Hictor Lspez wrote: > Unless required, I would stay away from container managed security, > it's too complex for what it's really worth... I've been using the > JSecurity project for a while and I love it. It's not "integrated" How I work with tomcat container managed security: - define a DataSourceRealm in context.xml - list roles in web.xml - add annotations on actionbeans If you have something less complex, I am very interested. I'd like to avoid having to list roles in web.xml, have the possibility to save last connection time and connection count, blacklist for several minutes users who try multiple passwords, have a "remember me" checkbox...without having to add a single line of code. Some of these are possible with Spring security, but found it a way too complex to perform such basic things. ------------------------------------------------------------------------------ _______________________________________________ Stripes-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/stripes-users
