But surely this is handled by the container. If the container's implementation is not sufficient (e.g. it doesn't allow password file validation that an app requires), should it not allow something like a JAAS module to be plugged in? This would allow code to be written in a consistent way (or not written at all if more fine-grained security is not required)
Walter -----Original Message----- From: James Ward [mailto:[EMAIL PROTECTED]] Sent: 08 July 2002 16:45 To: Struts Users Mailing List Subject: RE: Re: [ARTICLE] Using JAAS and Struts Not if you want to have security on the method level of your ejb's. JAAS is the way to go for security in distributed apps. If you just have a simple web app with no j2ee stuff, then sure, add a few lines to your web.xml file. If you have something more complex, use JAAS. -James > -----Original Message----- > From: Struts Newsgroup (@Basebeans.com) [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 08, 2002 9:40 AM > To: [EMAIL PROTECTED] > Subject: Re: [ARTICLE] Using JAAS and Struts > > Subject: Re: [ARTICLE] Using JAAS and Struts > From: "Vic C." <[EMAIL PROTECTED]> > === > If I may, > he does a *lot* more than he needs and mkaes it complex. He can just set > up a few lines in WEB.XML and he is done. > > matt_raible wrote: > > I saw this from the Denver JUG this morning, thought some folks > > might be interested: > > > > http://www.mooreds.com/jaas.html > > > > Downloads and code samples from: > > > > http://www.mooreds.com/ > > > > > > -- > > To unsubscribe, e-mail: <mailto:struts-user- > [EMAIL PROTECTED]> > > For additional commands, e-mail: <mailto:struts-user- > [EMAIL PROTECTED]> > > > > > -- > To unsubscribe, e-mail: <mailto:struts-user- > [EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:struts-user- > [EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
