I would love to see your code. I will most likely have to run our own security model for our app. I think it will probably run directly against the db rather than using LDAP, but am still quite intrigued to read what you worte.
Thanks! Michelle Harris On Tue, 2002-04-02 at 15:23, Phase Web and Multimedia wrote: > Greetings Michael, > > I don't believe it has to be struts specific. But, I have never used it > anywhere but struts. There many other features I would like to add to it. > Specifically an ldap realm for authorization and perhaps add some hooks that > will provide EJB conectivity. Do to my EJB ignorance I don't even know if it > is possible. > > One thing to note. Because a webapp has limited access to the server scope > this security solution is context specific for now. This is why I want to > add some of the afformentioned hooks. I also imagine it would be possible to > store the security xml file so that it can be cross context and provide a > single security config for multiple contexts under a host. > > Another thing to note is that many of the apis that are out there (ie tiles, > jsp, servlet) take advantage of the container managed security by checking > roles. These are all container specific. I've chosen to abandon all of those > niceties to gain greater flexibility in other areas. I have sacrificed the > standard convention that these mechanisms provide. I feel it is a good > decision for my niche. > > I will be providing mechanisms equal to the isUserInRole(), getRemoteUser(), > and getUserPrincipal(). But these objects will be context-session specific. > > My solution should be able to work as an app level link to a larger security > system that bypasses tomcat security all-together. > > I have heard some speak about ejb as thought they need the container-managed > security. This might be so. I don't know. I am hoping that someone might be > able to provide that functionality. > > If you would like to look at my code I am more than happy to pass it on. > But, it is narrow in scope to my application. This has become apparent to me > as I read some email regarding what I have developed. I believe the code and > concept to be a good starting point to provide a better security framework. > > The strongest part of the code it the SecurityFilter and MulitpleLogin > configuration options. > > Let me know, > Brandon Goodin > Phase Web and Multimedia > P (406) 862-2245 > F (406) 862-0354 > [EMAIL PROTECTED] > http://www.phase.ws > > > -----Original Message----- > From: Michael Mok [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 01, 2002 7:11 PM > To: [EMAIL PROTECTED] > Subject: RE: Security Solution > > > Hi Brendon > > We are interested to see your alternate solution for container managed > security. Does your solution need STRUTS and will it tie in easily with > STRUTS? > Can you send us your source code? > > Thanks in advance. > > Michael Mok > > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
