Jan, Thanks for the quick reply.
> -----Original Message----- > From: Jan Bartel [mailto:[EMAIL PROTECTED] > > You don't necessarily have to replace a particular Jetty Handler. > Handlers are arranged in a chain, so to introduce new behaviour it is > possible to just insert another Handler in the chain. Not > sure if this > will be possible here or not. It's not possible since the web container must solely rely on the JACC permission check. If I put a JaccHandler in the chain, after the SecurityHandler, it effectively short circuits the JACC permission check. If I put the JaccHandler before the SecurityHandler, it virtually removes the SecurityHandler. > Also, there is an access point into the web app context that > is called > as a thread enters and leaves a web app which might be > another place to > look at if you need to set up any thread local stuff (we've already > subclassed the standard Jetty web app as > o.a.g.w.jetty.JettyWebApplicationContext). Good idea. Thanks for the pointer. > Finally, however it is done, we need to keep in mind that we > must also > be able to plug-in other web containers. Yep, I think I'm there on that account w/ the basic building blocks, their mbeans, and utility classes. > Let me have a read of the JACC spec so I have a better understanding > what is required and I can comment better. Some advice, skim chapter three. It's a tedious spec on how to translate the descriptors into sets of Permissions. Chapter 4 is where the tire hits the road, more specifically section 4.2. Regards, Alan ---------------------------------------------------------------- Visit our Internet site at http://www.reuters.com Get closer to the financial markets with Reuters Messaging - for more information and to register, visit <http://www.reuters.com/messaging> Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of The Reuters Group.
