Robert Walker wrote:
First of all, you should really change your thinking about WebObjects. You are not building a web site, rather you are building an application that happens to present itself as HTML (among others) to the user. If you want security in your application you add security to your application. There are many good books, and some nice examples on how to do this. I would recommend taking a look at Chuck Hill's "Practical WebObjects" to get an idea of what I'm talking about here. You will not be using Apache to secure your application's components.
There is one situation where I would disagree with the above but I don't know how conflict-y it is with WO. That is, some of the features of J2EE container-managed security are very nice (automatic redirection to form, support for HTTP authentication with no coding, etc). In that case, when you deploy to Tomcat or other app-container you get all of that security for free and you can just use HTTPRequest.getUserPrincipal(). That's where I don't know if there's a conflict when deployed in this way. Last time I did this I did use JAAS internally but not the above.
-arturo
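The container-managed setup described in the reply above, sketched as a servlet deployment descriptor. This is an added example, not part of the original thread; the URL pattern, page paths and role name are assumptions, and users and roles come from whatever realm the container is configured with.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: /app/*, the JSP paths and "app-user" are placeholders. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected application area</web-resource-name>
      <url-pattern>/app/*</url-pattern>
      <!-- No http-method elements, so the constraint covers every HTTP method.
           Listing only GET and POST would leave the other methods unprotected. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Only authenticated users holding this role reach /app/* -->
      <role-name>app-user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Require TLS so form credentials and the session cookie
           are not sent in clear text -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <!-- FORM gives the automatic redirect to the login page;
         BASIC here would give HTTP authentication instead -->
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- The login page posts j_username and j_password to j_security_check -->
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>app-user</role-name>
  </security-role>
</web-app>
```

With this in place, code running behind `/app/*` can read the authenticated identity from `HttpServletRequest.getUserPrincipal()` and check roles with `isUserInRole()`. The container only guards the listed URL patterns, so per-object authorization still has to live in the application.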
