True, ultimately it is the container that reports back the roles. The security methods are part of the JDK, such as isUserInRole(), getUserPrincipal(), etc. However, each container implements the underlying architecture differently, including the assignment of users, roles, and groups. For example, Tomcat offers the concept of realms -- MemoryRealm or JDBCRealm. WebSphere implements this totally differently, by accessing the underlying Local Operating System registry, LDAP, or by exposing an API for custom plugins.
Editorial: Tomcat has the best security implementation I've seen, while WebSphere's approach is senseless; LocalOS? What's up with that?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Fyodor Golos
Sent: Thursday, November 29, 2001 7:09 AM
To: Struts-User
Subject: Re: Security for Actions or ActionClasses?

Nic's package looks very interesting! However, in the end it's the container that reports back which role the user is in, correct? I am still puzzled as to how to implement that part. Is it container-specific? In other words, when I implement role-based security, do I just lock myself into, say, Tomcat, and stick to it forever? That kinda hurts portability. Anyone care to correct me?

--
Fyodor Golos
ResGen, Invitrogen Corporation
2130 Memorial Pkwy, SW
Huntsville, AL 35801
Phone: 800-533-4363
Direct: 256-327-4297
Fax: 256-536-9016

--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
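An added example, not part of the original thread or of any project mentioned in it: a servlet filter that makes its access decision only through the container-neutral isUserInRole() call discussed above, so the same class runs whether the roles come from a Tomcat realm or a WebSphere registry. The javax.servlet namespace, the path prefixes and the role names are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Portable role check; path prefixes and role names below are hypothetical. */
public class RoleCheckFilter implements Filter {
    // Path prefix -> role required to reach it. How a user acquires a role
    // (realm, LDAP, OS registry) is container configuration and never appears here.
    private final Map<String, String> requiredRoles = new LinkedHashMap<>();

    @Override
    public void init(FilterConfig config) {
        requiredRoles.put("/admin/", "admin");
        requiredRoles.put("/orders/", "sales");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Use the container-decoded servlet path, not the raw request URI,
        // so encoded characters or path parameters cannot dodge the prefix match.
        String pathInfo = request.getPathInfo();
        String path = request.getServletPath() + (pathInfo == null ? "" : pathInfo);

        for (Map.Entry<String, String> rule : requiredRoles.entrySet()) {
            if (!path.startsWith(rule.getKey())) {
                continue;
            }
            // isUserInRole() returns false for unauthenticated callers as well,
            // so a single check denies both anonymous and under-privileged users.
            if (!request.isUserInRole(rule.getValue())) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Only the mapping of users to the "admin" and "sales" roles has to be redone when the application moves to another container; the filter itself is unchanged.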

