For what it's worth we use a combination of both JAAS and a custom AuthInterceptor.
JAAS handles authentication and the AuthInterceptor manages authorisation. This leverages off the strength of JAAS and has the flexibility required for our needs. A couple of sources of useful information are: 1. the JAAS in Action book (free) 2. WebWork in Action 3. Mark Mernards Blog has good example of implementing an interceptor. Z. > Hi > > I notice that there have been a few threads over the last couple of > days where people have been talking about implementing login > authentication via a Struts2 interceptor. Could someone simply outline > the reason why they would want to do it this way rather than using > container authentication? > > Regards > Roger > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
