Greetings Michael, I don't believe it has to be struts specific. But, I have never used it anywhere but struts. There many other features I would like to add to it. Specifically an ldap realm for authorization and perhaps add some hooks that will provide EJB conectivity. Do to my EJB ignorance I don't even know if it is possible.
One thing to note. Because a webapp has limited access to the server scope this security solution is context specific for now. This is why I want to add some of the afformentioned hooks. I also imagine it would be possible to store the security xml file so that it can be cross context and provide a single security config for multiple contexts under a host. Another thing to note is that many of the apis that are out there (ie tiles, jsp, servlet) take advantage of the container managed security by checking roles. These are all container specific. I've chosen to abandon all of those niceties to gain greater flexibility in other areas. I have sacrificed the standard convention that these mechanisms provide. I feel it is a good decision for my niche. I will be providing mechanisms equal to the isUserInRole(), getRemoteUser(), and getUserPrincipal(). But these objects will be context-session specific. My solution should be able to work as an app level link to a larger security system that bypasses tomcat security all-together. I have heard some speak about ejb as thought they need the container-managed security. This might be so. I don't know. I am hoping that someone might be able to provide that functionality. If you would like to look at my code I am more than happy to pass it on. But, it is narrow in scope to my application. This has become apparent to me as I read some email regarding what I have developed. I believe the code and concept to be a good starting point to provide a better security framework. The strongest part of the code it the SecurityFilter and MulitpleLogin configuration options. Let me know, Brandon Goodin Phase Web and Multimedia P (406) 862-2245 F (406) 862-0354 [EMAIL PROTECTED] http://www.phase.ws -----Original Message----- From: Michael Mok [mailto:[EMAIL PROTECTED]] Sent: Monday, April 01, 2002 7:11 PM To: [EMAIL PROTECTED] Subject: RE: Security Solution Hi Brendon We are interested to see your alternate solution for container managed security. Does your solution need STRUTS and will it tie in easily with STRUTS? Can you send us your source code? Thanks in advance. Michael Mok -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
