The SecurityFilter aims to solve, among others, one big and strange
problem with the way Servlet Containers treat secured URLs. It makes
unsolicited login request forms doable - though still not perfect. Sure,
I would have expected the Servlet Container Standard to address this
painful problem by now, but no.
Servlet Containers still treat the web as a bunch of unsecured/secured
resources. This is fine for a web site where some files are protected
and some are not. However, in MHO this does fit well enough when
developing a web application, causing some major headaches, not to
mention the login issue.

The securityFilter is not perfect, and for one, it still does not work
with SSL. If there's another way that I missed to achieve this
unsolicited login, please do tell.

-Erez E

-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 05, 2004 8:42 AM
To: Struts Users Mailing List
Subject: Re: Design Question

Erez Efrati wrote:

>Hi, 
> 
>I am developing an EJB/Struts J2EE application. 
>Up to now I have dealt with the design of the customer web application
>side and I came to the admin area - the back office web application part.
>I should also point out that I am using the securityFilter filter for
>authentication.
> 
>My question is what is recommended as for the admin web app? Should I
>use only one single Web module that
>Manages both customer and admin (back-office) tasks? And if so, how do
>I enforce authentication rules in terms of URL structure?
> 
>Or, should I have two separated Web modules (contexts) - one for the
>Customer app, and the other for the Admin app?
> 
>I also saw something about Struts modules, is it related?
> 
>Thanks in advance,
> 
>- Erez
> 
>
The most important consideration is that EJBs are going to work *only*
if you are using real container-managed security ... not some simulation
like that provided by SecurityFilter.  Nothing in the EJB tier is going
to recognize your "users" as being actually authenticated.

Craig McClanahan




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


