Hmmm... So, what is the bottom line - stick to one particular servlet
container? Or is it possible (and/or feasible) to implement security
handling for multiple containers, say tomcat and resin?
-----Original Message-----
Subject: RE: Security for Actions or ActionClasses?
Date: Thu, 29 Nov 2001 09:10:56 -0600
From: "AJ Morris" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
True, ultimately it is the container reports back the roles. The
security
methods are part of the JDK, such as isUserInRole(), getUserPrinciple(),
etc. However, each container implements the underlying architecture
differently, including the assignment of users, roles, and groups
differently. For example, Tomcat offers the concept of realms --
MemoryRealm
or JDBCRealm. Websphere implements this totally differently, by
accessing
the underlying Local Operating System registry, LDAP, or by exposing an
API
for custom plugins.
Editorial:: Tomcat has the best security implementation I've seen, while
Websphere's approach is senseless; LocalOS? What's up with that?
--
Fyodor Golos
ResGen, Invitrogen Corporation
2130 Memorial Pkwy, SW
Huntsville, AL 35801
Phone: 800-533-4363
Direct: 256-327-4297
Fax: 256-536-9016
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
