Please take a look at implementing JRun4 CMA with an OODB (like the one I am using, Objectivity, oh, and no (Container) support contract). It is not as simple as you say -- just like a JNDI lookup.
So I look into and start using SecurityFilter. No matter what DB (even OODB) you do the same thing (implement a couple a methods, and set up 2 config files: one is just an addition to web.xml and the other is a config file for security filter which I think mine is about 10 or so longs long). BTW, no using vendor specific implementation either. Not to mention the support is free and probably as good as you could expect (free or not free). I use SecurityFilter and I still am able to use the struts role attribute in the Action element of the struts config as in: <action path="/doSomething" role="Administrator" ...> without any changes to SecurityFilter. I agree my case (of using OODB) is no the norm but I know the place I work at would not have predicted even 6 months ago they would be using Objectivity (for storage of the large objects they decided to go that route). My point is that SecurityFilter took me less time to figure out and implement and therefore, not only more portable than CMA but also more flexible. Just my .02sense -----Original Message----- From: Vic Cekvenich [mailto:[EMAIL PROTECTED] Sent: Monday, August 04, 2003 9:16 AM To: [EMAIL PROTECTED] Subject: Re: Best place to hook the Security Call There are no additional classes required. Just like you use JNDI to look up a containers connection pool. I think it best practice to use container security. .V Alen Ribic wrote: > Security is really my week side but AFAIK your Container Manager Security > does have certain container specific configurations and even requirement for > additional java classes to be coded. > > As I said "Security Filter" component has a small, simple realm interface > that is portable across different servers. > > --Alen > > > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > Sent: Monday, August 04, 2003 2:34 PM > Subject: Re: Best place to hook the Security Call > > > >>I agree with Alen, but at the same time if all the containers are >>supporting J2EE security standards then porting to different containers >>should not be an issue. SecurityFilter as I just browsed through seems >>interesting but all the latest J2EE containers will have to support > > Servlet > >>2.3 for using the same. Alternatively whatif I write my own security piece >>by looking up LDAP for A&A (authentication and authorization) and this >>piece would be called from some place in the STRUTS control flow so that >>for everyrequest security would be validated. >> >>Thanks >>Sreekant G. >>TCS AMBATTUR >> >> >> >> "Alen Ribic" >> <[EMAIL PROTECTED] To: "Struts Users > > Mailing List" > >> > > > <[EMAIL PROTECTED]> > >> cc: >> 08/04/2003 04:25 Subject: Re: Best place to > > hook the Security Call > >> PM >> Please respond to >> "Struts Users >> Mailing List" >> >> >> >> >> >> >>If I'm not mistaken, this approach is container specific hence would make >>deployment on difference container(s) not as smooth as one would wish. >>I may be wrong so please correct me! I'm not very clued up in this area. > > ;) > >>I have privilege working with servlet 2.3 and am now using SecurityFilter >>component (www.securityfilter.org) to handle my auth. Very simple! >> >>--Alen >> >> >> >>>Best place would be using container J2EE security, such as JDBC realms. >> >>>[EMAIL PROTECTED] wrote: >>>Which is the best place to hook the security call for an application in >> >>the >> >>>STRUTS framework so that for every request security check is made. Does >>>STRUTS provide integration with any Security framework ? >>> >>>thanks in advance. >>>Sreekant G. >>> >>> >>> >>> >>>------------------------------------------------------------------------ >>> >>>This mail was scanned by Interscan Virus Wall of Mailserver at Cathedral >> >>Road TCS Chennai >> >>> >>> >>>------------------------------------------------------------------------ >>> >>>--------------------------------------------------------------------- >>>To unsubscribe, e-mail: [EMAIL PROTECTED] >>>For additional commands, e-mail: [EMAIL PROTECTED] >> >>-- >>Vic Cekvenich, >>Struts Instructor, >>1-800-917-JAVA >> >>Advanced <a href ="baseBeans.com">Struts Training</a>, mentoring and >>project recovery in North East. >>Open Source <a href ="baseBeans.com">Portal Content Management</a> >>basicPortal software. >> >> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> >> >> > > > > ---------------------------------------------------------------------------- > ---- > > > >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] -- Vic Cekvenich, Struts Instructor, 1-800-917-JAVA Advanced <a href ="baseBeans.com">Struts Training</a>, mentoring and project recovery in North East. Open Source <a href ="baseBeans.com">Portal Content Management</a> basicPortal software. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
