The SecurityFilter aims to solve, among others, one big and strange problem with the way Servlet Containers treat secured URLs. It makes unsolicited login request forms doable - though still not perfect. Sure, I would have expected the Servlet Container Standard to address this painful problem by now, but no. Servlet Containers still treat the web as a bunch of unsecured/secured resources. This is fine for a web site where some files are protected and some are not. However, in MHO this does fit well enough when developing a web application, causing some major headaches, not to mention the login issue.
The securityFilter is not perfect, and for one, it still does not work with SSL. If there's another way that I missed to achieve this unsolicited login, please do tell.

-Erez E

-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]
Sent: Monday, April 05, 2004 8:42 AM
To: Struts Users Mailing List
Subject: Re: Design Question

Erez Efrati wrote:

>Hi,
>
>I am developing an EJB/Struts J2EE application.
>Up to now I have dealt with the design of the customer web application side
>and I came to the admin area - the back office web application part.
>I should also point out that I am using the securityFilter filter for
>authentication.
>
>My question is what is recommended as for the admin web app? Should I
>use only one single Web module that
>Manages both customer and admin (back-office) tasks? And if so, how do I
>enforce authentication rules in terms of URL structure?
>
>Or, should I have two separated Web modules (contexts) - one for the
>Customer app, and the other for the Admin app?
>
>I also saw something about Struts modules, is it related?
>
>Thanks in advance,
>
>- Erez
>

The most important consideration is that EJBs are going to work *only* if you are using real container-managed security ... not some simulation like that provided by SecurityFilter. Nothing in the EJB tier is going to recognize your "users" as being actually authenticated.

Craig McClanahan

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]