Hello folks,
I think this question may be more j2ee than simply model 2 related, but
thought I would give it a shot here. I would like to utilize the security
mechanisms built into the j2ee (and servlet 2.2) spec but with a custom
authentication module.
More specifically, I want to be able to define security constraints using
the url-pattern matching techniques in the web.xml portion of my .war (which
is a portion of my .ear) but use an external application (or servlet or
whatever) to assign users to groups. This would allow great flexibility
when it comes to defining which directories, files, servlets, etc are
protected from which groups, users, and such. My authentication mechanism
performs authentication against our network servers as assigns individuals
to groups based on criteria which has been defined by management.
The problem with my current mechanism is that it requires me to code the
appropriate authentication checks into every jsp and / or servlet which can
be very tedious when I am changing security on specific files, entire
subdirectories, or even a full application itself. On the other hand, this
can be accomplished very easily using the url-pattern matching techniques
available in the servlet 2.2 spec.
What I am asking is quite possibly not possible, but hopefully you folks can
give me some alternative approaches to solving this problem. Also, let me
mention that adding 5500 users and passwords to each application's
principals.xml is not very feasible as a solution :)
So in conclusion, assuming I can authenticate a user and add this user to a
group in an "Action class", how can i force the web application server to
"recognize" these users and respective groups without having to code it into
each jsp / servlet?
Thanks in advance, hopefully this question makes some sense to sombody who
can provide me with an answer (or idea)
-jeff
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
