Custom Registry! Chapter 5.x in the info center!

danny

Siong Chan wrote:
> Thanks Eddie..
>
> I'll start investigating the "custom realm" possibility in Websphere.
> Websphere is just an embellishment of Apache, so, I would assume that
> if Apache can, so can Websphere....however, who knows..
>
> Thanks again Eddie..
>
> Cheers!
> Siong
>
> At 05:01 PM 19/09/2002 -0500, you wrote:
>
>> CMA is Container Managed Security. Its implementation will vary
>> from container to container. It is not tied to EJBs in any way shape
>> or form. What it is ... is simply ... container-managed security
>> :-) The container manages the login.
>>
>> - user asks for a page with restricted access (configured in web.xml)
>> - server saves request
>> - server presents user with login page
>> - user submits login
>> - server processes login
>> - server replays initial request made by user
>>
>> For "server processes login", the server would (depending on how you
>> configured it; different options may be available from different
>> vendors): check a database, do a JNDI lookup (LDAP), or <something
>> else>. Tomcat supports JDBC, JNDI, flat-file, and ... I think it
>> provides another one now, though what it is escapes me.
>>
>> Sounds to me like CMA may not quite work for you, unless you
>> implemented a custom realm (don't know if your container supports
>> this; Tomcat does). You're saying that the cookie is a prompt to
>> begin a login for a specific user. I guess it's not so bad if you're
>> not including their password; I'd try to go for a userid instead if
>> you could -- much less recognizable and identifiable. Sorry I came
>> off like a "loose cannon" ;-) I do that sometimes, but my heart is
>> in the right spot. I just had to see people use practices that might
>> cause (even more) people to disable cookies out of paranoia.
>>
>> CMA != EJB
>> CMA != Full-Fledged J2EE Server (ie JBoss)
>>
>> I believe this is a servlet specification. Therefore, any servlet
>> container should provide you with a way to configure it. Of course,
>> there will be as many different ways to configure it as there are
>> vendors of servlet containers :-/ ... but that's what happens when
>> you don't set a standard for something.
>>
>> Siong Chan wrote:
>>
>>> Hi Eddie and Dimitar..
>>>
>>> Thanks for your responses. I realise that using cookies isn't the
>>> most secure thing to do, however, this is a restriction that has
>>> been placed upon us from the server that is redirecting the call to us.
>>> However, we actually only keep the username and some other
>>> information (not password) in the cookie and then our server will
>>> need to perform a server to server SOAP message to authorise the
>>> userid with the originating server.
>>>
>>> BTW, Eddie, is your CMA specifically the EJB container users/roles?
>>> Does the web container allow CMA?
>>>
>>> Dimitar...your idea to forward directly to an action worked. Thanks!
>>>
>>> Cheers!
>>> Siong
>>
>> --
>> Eddie Bush
>
> Siong H. Chan
> Systems Engineer, eBusiness Division
> MacDonald Dettwiler
> Add: 13800 Commerce Parkway, Richmond, BC, Canada V6V 2J3
> Email: [EMAIL PROTECTED]
> Voice: (604)231-2150
> Fax: (604)278-2533
> URL: http://www.mda.ca/

--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
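
The container-managed login flow listed in the quoted reply, written as a Servlet 2.3 `web.xml` fragment. This is an added example, not configuration from the thread or from any product's documentation; the URL pattern, role name, realm name and JSP paths are assumptions.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <!-- Step 1: requests matching this pattern need an authenticated user
       in the listed role. Path and role name are assumed for illustration. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted pages</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>member</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Steps 2 to 6: with FORM auth the container saves the request, shows
       the login page, checks the credentials and replays the saved request.
       The login page posts j_username and j_password to j_security_check;
       the application never handles that POST itself. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Realm</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Roles referenced above must be declared. Where users and roles are
       stored (database, LDAP, flat file, custom realm or registry) is
       configured in the container, not in this file. -->
  <security-role>
    <role-name>member</role-name>
  </security-role>
</web-app>
```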

