Well, the real problem I encountered with JAAS (which brought me to choose for my own, platform-independent, solution - which for the EJB part will make use of the JAAS API anyway) is that the realms provided by vendors are vendor-specific. Therefore, should I have a solution valid on JBoss I cannot port it to WS (let's say) or Bea and having it working without code changing. In all my application I stress the concept: build once, run anywhere, and security shouldn't be different.
Marco ----- Original Message ----- From: "Oliver Wulff" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Sunday, September 28, 2003 1:28 PM Subject: Antwort: Re: Antwort: Migration from 4.1.x to Tomcat 5 We had something similar in our company too, but we want to get rid of custom security code (proprietary). The Java developer should have to possibility to use the Java Servlet API for security issues (web.xml, isUserInRole(), getUserPrincipal(), etc.). We have integrated our authentication/authorization system by a custom realm. So, the life of the Java developer gets much easier (built on pure standard) and makes him independant from company specific systems and code. So we could migrate to another security system without any changes to the application code. We only have to change the realm and our Tomcat package. BTW, JAAS is getting more and more important. A lot of security system provider are also providing a JAAS LoginModul to integrate their security system (ex. IONA ISF) into different application container. JBoss and BEA are already supporting JAAS. Tomcat does have a JAAS Realm too but I think it's beta. I guess, that JAAS will be part of the J2EE spec in the future - would make sense, wouldn't it? Oliver ****************************************************************** Oliver Wulff Zürich Versicherungs-Gesellschaft IA4, CoC Middleware Postfach, 8085 Zürich Telefon: +41- 1 628 58 07 Fax: +41 - 1 623 58 07 E-Mail: mailto:[EMAIL PROTECTED] "Marco Tedone" <[EMAIL PROTECTED] An: "Tomcat Users List" <[EMAIL PROTECTED]> rg> Kopie: Thema: Re: Antwort: Migration from 4.1.x to Tomcat 5 28.09.2003 14:10 Bitte antworten an "Tomcat Users List" I implemented a security model independent from the container. Basically it is based on db/validation and session management through taglibs to display/allow functionalities to authorized users. Marco ----- Original Message ----- From: "Oliver Wulff" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Sunday, September 28, 2003 1:08 PM Subject: Antwort: Migration from 4.1.x to Tomcat 5 Hi Marco I don't know Tomcat 5.x but what do you mean with your personal security model? Have you implemented a custom realm? Oliver ****************************************************************** Oliver Wulff Zürich Versicherungs-Gesellschaft IA4, CoC Middleware Postfach, 8085 Zürich Telefon: +41- 1 628 58 07 Fax: +41 - 1 623 58 07 E-Mail: mailto:[EMAIL PROTECTED] "Marco Tedone" <[EMAIL PROTECTED] An: "Tomcat Users List" <[EMAIL PROTECTED]> rg> Kopie: Thema: Migration from 4.1.x to Tomcat 5 28.09.2003 13:51 Bitte antworten an "Tomcat Users List" Hi, which are the key anspects I shall keep in mind when migrating from Tomcat 4.1.xx to version 5, keeping in mind that I'm developing Struts application? Which are the key technology anspects I shall review in my project architecture, particularly related to: 1) Servlets/JSP 2) Taglibs 3) Tomcat starting and stopping 4) WAR deployment 5) Security At present I deploy a WAR under webapps with taglibs defined in the web.xml file and make use of my personal security model (is there any reason Tomcat 5 should make things easier?), I stop and start it as a service (still available?). Will be JSTL and JSF natively implemented? Could I just drop my application from Tomcat 4.1.xx to Tomcat 5 without problems? Thanks for any reply, Marco --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
