Craig R. McClanahan wrote:
Pardon me for butting in on this thread, which isn't mine, but I have a question...It seems a little convoluted, but, what it buys me is, any Servlet container which supports form-based authentication, and which supports JAAS for realms (or equivalent), can harness this toolkit. I assume (but have not verified) that this buys me into the major J2EE containers -- Weblogic, SunONE, Websphere, etc, in addition to my favorite (Tomcat). Does this sound like it would work?Ah, if only it would ... it would require a change to the servlet spec to allow filters to perform "container managed security" authentications.From a container writer's point of view, I get a little uneasy thinkingabout delegating this responsibility to an application -- but I can see some use cases for it.
My webapp uses its own authentication system, where every resource is protected by a filter that consults the session to see if the user is authentic or not, and if not, then redirects to the login page. Is this the scenario that, above, you describe as making you feel a little uneasy? I'm just curious if there's any conventional wisdom about webapp authentication of which I am out of the loop and haven't heard yet.
If this is the case, what are some use cases that would need something like that?
Erik
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
