Hello,

I am into evaluating Struts.

The struts-example.war does authentication for its users programmatically.

Why doesn't it use container managed security?

Wouldn't it be simpler (not having to reinvent the wheel), safer (the
container will do it better)
and standards compliant (servlet specification chap. 12)?
Especially for enterprise applications that often use LDAP to authenticate
users,
container managed security is very powerful if an application server
supports an LDAP realm.

Instead the Newbie FAQ (http://jakarta.apache.org/struts/newbie.html) links 
to 
(http://www.mail-archive.com/[email protected]/msg24504.html) 
three other ways,
that do not use the standard features of the container.

The downside of container managed security mentioned in
[http://www.jguru.com/faq/view.jsp?EID=471952]

"The only downside to this approach is that there is not yet a standardized 
API for portably accessing and maintaining a "database" of users and roles 
("database" is in quotes because the actual implementation could be 
anything, including static text files or directory servers)."

is not a downside, because security is a sub-module of the container and does
not have/need a standard API to the web application.

Thank you,
Juergen
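
For reference, the declarative setup the message argues for looks like this in a Servlet 2.3 deployment descriptor. This is an added example, not part of the original message and not taken from struts-example.war; the URL pattern, role name and page paths are hypothetical.

```xml
<!-- Added example: fragment of WEB-INF/web.xml (Servlet 2.3 element order).
     /secure/*, registered-user and the JSP paths are hypothetical. -->
<web-app>

  <!-- The container enforces this before any servlet or Struts action
       runs, so the application contains no login-checking code. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
      <!-- No http-method elements: the constraint covers every method.
           Listing only GET and POST would leave other methods open. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>registered-user</role-name>
    </auth-constraint>
    <!-- Require TLS so form credentials are not sent in clear text. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- FORM login: login.jsp posts the fields j_username and j_password
       to the container-provided action j_security_check. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>registered-user</role-name>
  </security-role>

  <!-- Where users and roles are stored (text file, database, LDAP)
       does not appear here. That is the realm, configured in the
       container, which is why no user "database" API is needed. -->
</web-app>
```

Application code that needs the identity reads it through the standard `HttpServletRequest` methods `getRemoteUser()` and `isUserInRole()`.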

