Max Cooper wrote: > Another alternative is to use a filter to mimic container-managed security > [including wrapping the request with your implementations of > getRemoteUser() > and isUserInRole()]. This way, you could provide a programmatic > interface to > log users in with an Action, ...
I have read MANY previous discussions on this list debating container vs. app managed security. Usually they end up suggesting that since container managed is limited, if you can't use it, then roll your own, similar to the above comment. Craig's reply also said basically the same thing. So is anybody aware of an Apache-like project that is attempting to implement a "generic" application security solution for this problem? I mean, with filters and the ability wrap the request, as Max mentioned, a pretty robust solution could be developed that could be easily extended for different db schemas, etc. Yet I feel like we're all reinventing the wheel here, each of us implementing tactical rather than strategic solutions. Sorry if there's already been a discussion of these projects, but I looked and couldn't find any... Thanks, Joe -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
