What about JAAS?

Kurt Madel
Programmer, CSMi
(703) 823-4300 ext. 170


-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, October 08, 2002 12:30 PM
To: Struts Users Mailing List
Subject: RE: Using CheckLogin tag from within tiles



On Tue, 8 Oct 2002, David Graham wrote:

> Date: Tue, 08 Oct 2002 01:01:32 -0600
> From: David Graham <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: RE: Using CheckLogin tag from within tiles
>
> Craig,
> I agree with most of your points but you must admit that the non-standard
> implementations of CMA are a pain.  Not really when you work for a company
> that sells a container (Sun, BEA, IBM) because you'll always be using
> theirs, but when developing for a number of containers this can be
> painful.
>
> It would help if at least one standard implementation was prescribed by
> the spec...I personally like tomcat's jdbc realm implementation.
>

There are actually two pieces to this problem.

* For authorization (i.e. looking up roles), the APIs for
  common plugins for containers were standardized in JSR-115,
  which is part of J2EE 1.4 (and is being implemented in
  Tomcat 5).

* For authentication (i.e. username/password type checks),
  no such standardization has yet taken place.

The problem with something like Tomcat's Realms is that they don't come
anywhere close to meeting all the real world requirements (which is
another reason people don't use CMA even if they don't have to worry about
cross-container issues).  It is a very complex problem space -- go get and
read the JSR-115 spec (currently in proposed final draft) if you want a
feel for this :-).

I just wanted to remind people that they really are playing with fire when
they take authentication and authorization upon themselves.

> Dave

Craig
