On Tue, 09 Jul 2002, Craig R. McClanahan wrote:
>The example app rolls its own for one and only one reason -- one of the >purposes of this webapp is to detect whether you have Struts installed and >working on your container correctly. The less configuration tinkering you >have to do for a "hello, world" application to work, the better. Couldn't that better be checked in javax.servlet.Servlet.init(ServletConfig config) possibly even with load-on-startup ? >In general, I believe that apps should use container managed security >rather than rolling their own. So your statement should be in the FAQs. Unfortunately most examples I saw (Learning Jakarta Struts from http://www.onjava.com/lpt/a//onjava/2001/10/31/struts2.html, the O'Reilly Struts book) seem to copy this idea and all use now Struts managed login pages. >Consider that you are writing a portal application, with the usual self >registration facilities. It is trivially simple to make the portal app >itself portable across containers, if you just stick to standard servlet >and JSP facilities. But the notion of "add a new user" is not portable, >and requires integration with each container's own user database update >mechanisms (for example, using a particular Realm in Tomcat). There is no >way to write the functionality for this in a portable way. Yes, this is definitely a problem. We once ended copying LDAP logic that already was in the realm into the application. Maybe there should be added functionality to javax.servlet.ServletContext to add and delete users. Juergen _________________________________________________________________ Testen Sie MSN Messenger f�r Ihren Online-Chat mit Freunden: http://messenger.msn.de -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
