Davina and Mac wrote:
> Has anybody out there implemented a roles-based security system in a Struts
> application? If so, did you use an existing class library or write your own?
> It seems to me that relying on container providers for security schemes
> makes it almost impossible to write portable applications, and Struts/MVC,
> with its single point of access and clearly defined actions would be an
> ideal place to implement security...
> thoughts anyone?
Relying on container provided authentication is, by definition, nonportable. So
you are correct: It is impossible to write a portable application that relies on
container provided authentication.
On the other hand, it's not that hard to bypass servlet containers and write
your own authentication. This is what the Struts example application does with a
CheckLogon custom tag.
david
