I've some more comments/concerns about this Draft.
- This is going to be another major revision of the API, as far as
deployment is concerned. It definitely simplifies matters.
- The .war file format is not well justified. Why can't an application
be jarred into one .jar file?
- [Sec 7.7.1] Can a session object be shared across sessions? Why is it
required that session objects take care of synchronization? Can you give
an example where this is required? Resources that are required across
multiple servlets can be shared using the SessionContext (and not
session), and such objects should be synchronized against threading.
- [Sec 11.5.2 - Form Based Authentication] This is good step. However,
my concern is that the way authentication is performed is left to the
vendor, and the application developer has no control over it. I suggest
that both should be possible. The spec should specify a means (using the
deployment descriptor) to specify a component (and an interface) that
can perform authentication, bypassing the vendor's implementation. This
is necessary to integrate the web application with existing
authentication systems.
Regards,
Subrahmanyam
-----------------------------------------------------------------------
Dr. Subrahmanyam A.V.B. http://www.Subrahmanyam.com
-----------------------------------------------------------------------
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
