On 11-11-2010 at 20:57, Will Hartung wrote:
[...]
> Unfortunately, this is easier said than done, especially before Servlet
> 3.0. It gets very container specific, especially if you want to propagate
> the credentials back to the EJB tier in a JEE server.

Here you touch the heart of many problems: AFAIK, overriding the JavaEE authentication mechanism and then propagating it to the EJB tier so it can be used by the standard mechanisms is container specific. It's probably easier (for local EJBs at least) to create an entire framework using a session variable, and ditch the standard mechanism altogether.

> However, there's nothing stopping Stripes from leveraging the existing
> infrastructure even if it doesn't provide a way to programmatically set the
> role and principal. If someone uses out of the box Form or BASIC security,
> the @Role or whatever annotations will do the trick.

IMHO, this is the best course of action for any framework (if you need it): only add to the authorization mechanism, and let the container handle authentication and propagate the principal.

> I know we have our own custom login handler and our own realm for
> GlassFish, using its programmatic login so it all works within the
> framework of the JEE server. But it's also GF specific, we'd have to port
> that were we to go to another server.
>
> As far as implementing those modules and such in Stripes, that's not its
> role, frankly. We use Stripes for login forms, and feed those inputs in to
> our security mechanism. We use a Filter like everyone else, but rely on
> the Principals and Roles back on the EJB tier.

Indeed: a filter at least allows you to override the roles and principals in the request. Given that Stripes (and many other frameworks as well) works more or less in the context of a servlet, overriding the principal and roles isn't even feasible.

Regards,
Oscar

-- 
   ,-_  Oscar Westra van Holthe - Kind      http://www.xs4all.nl/~kindop/
  /() )
 (__ (  No trees were killed in the creation of this message. However,
=/  ()  many electrons were terribly inconvenienced.
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users