We have always used JAAS in our projects for user authentication and
authorization and never had a problem with it. It's easy and straightforward
to use.
I find myself using the SecurityInterceptor (Securing Stripes With ACLs) all
the time since it's a lot simpler than J2EESecurityManager (Security
Interceptor for custom authorization) and its Taglib is a lot more intuitive
and practical. Only once was it not able to satisfy our requirements and we
had to implement our own interceptor.
As Will pointed out, it's a lot more convenient to use an annotation in your
handler methods instead of calling getRequest().isUserInRole("role") each
time you need to authorize a user.
Also, I do not understand why you should have to override the Java EE
authentication mechanism in order to have it propagated to the EJB tier. Can
you explain further?
--
Samuel Santos
http://www.samaxes.com/
On Fri, Nov 12, 2010 at 6:29 AM, Oscar Westra van Holthe - Kind <os...@westravanholthe.nl> wrote:
> On 11-11-2010 at 20:57, Will Hartung wrote:
> [...]
> > Unfortunately, this is easier said than done, especially before Servlet
> > 3.0. It gets very container specific, especially if you want to propagate
> > the credentials back to the EJB tier in a JEE server.
>
> Here you touch the heart of many problems: AFAIK, overriding the JavaEE
> authentication mechanism and then propagating it to the EJB tier so it can
> be used by the standard mechanisms is container specific. It's probably easier
> (for local EJBs at least) to create an entire framework using a session
> variable, and ditch the standard mechanism altogether.
>
>
> > However, there's nothing stopping Stripes from leveraging the existing
> > infrastructure even if it doesn't provide a way to programmatically set
> > the role and principal. If someone uses out of the box Form or BASIC
> > security, the @Role or whatever annotations will do the trick.
>
> IMHO, this is the best course of action for any framework (if you need it):
> only add to the authorization mechanism, and let the container handle
> authentication and propagate the principal.
>
>
> > I know we have our own custom login handler and our own realm for
> > GlassFish, using its programmatic login so it all works within the
> > framework of the JEE server. But it's also GF specific; we'd have to port
> > that were we to go to another server.
> >
> > As far as implementing those modules and such in Stripes, that's not its
> > role, frankly. We use Stripes for login forms, and feed those inputs into
> > our security mechanism. We use a Filter like everyone else, but rely on
> > the Principals and Roles back on the EJB tier.
>
> Indeed: a filter at least allows you to override the roles and principals
> in the request. Given that Stripes (and many other frameworks as well) work
> more or less in the context of a servlet, overriding the principal and roles
> isn't even feasible.
>
>
> Regards,
> Oscar
>
> --
> ,-_ Oscar Westra van Holthe - Kind
> http://www.xs4all.nl/~kindop/
> /() )
> (__ ( No trees were killed in the creation of this message. However,
> =/ () many electrons were terribly inconvenienced.
>
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
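As an added example (not code from this thread, and not the SecurityInterceptor or any other code shipped with Stripes), here is an interceptor written the way the thread recommends: it only adds authorization on top of whatever the container already did, so the container keeps handling FORM/BASIC login and the same principal propagates to the EJB tier untouched. The RequiresRole annotation, the class names and the choice of the EventHandling stage are my assumptions.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sourceforge.stripes.action.ErrorResolution;
import net.sourceforge.stripes.action.Resolution;
import net.sourceforge.stripes.controller.ExecutionContext;
import net.sourceforge.stripes.controller.Interceptor;
import net.sourceforge.stripes.controller.Intercepts;
import net.sourceforge.stripes.controller.LifecycleStage;

/** Hypothetical annotation: the handler is callable only by users holding one of the listed container roles. */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@interface RequiresRole {
    String[] value();
}

/** Authorization only: the container (FORM/BASIC login, JAAS realm) has already set the
 *  principal and roles on the request, so the check is a plain isUserInRole() and nothing
 *  here interferes with how that principal propagates to the EJB tier. */
@Intercepts(LifecycleStage.EventHandling)
public class RoleInterceptor implements Interceptor {

    public Resolution intercept(ExecutionContext ctx) throws Exception {
        Method handler = ctx.getHandler();           // resolved in the earlier HandlerResolution stage
        HttpServletRequest req = ctx.getActionBeanContext().getRequest();
        RequiresRole required = handler.getAnnotation(RequiresRole.class);
        if (required != null && !isAllowed(req, required.value())) {
            // Unauthenticated callers get 401 so the container can prompt for login;
            // authenticated callers lacking the role get 403.
            int status = req.getUserPrincipal() == null
                    ? HttpServletResponse.SC_UNAUTHORIZED : HttpServletResponse.SC_FORBIDDEN;
            return new ErrorResolution(status);
        }
        return ctx.proceed();                        // runs the handler (and any later interceptors)
    }

    /** Deny by default: true only if the container reports at least one of the roles. */
    static boolean isAllowed(HttpServletRequest req, String[] roles) {
        for (String role : roles) {
            if (req.isUserInRole(role)) return true;
        }
        return false;
    }
}
```

Handlers without the annotation remain open, so the deny-by-default property holds only for annotated methods; the interceptor is registered like any other Stripes interceptor, through the Interceptor.Classes init-param of the Stripes filter in web.xml.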