On 25/04/07, Zoran Avtarovski <[EMAIL PROTECTED]> wrote:
For what it's worth we use a combination of both JAAS and a custom
AuthInterceptor.
JAAS handles authentication and the AuthInterceptor manages authorisation.
This leverages off the strength of JAAS and has the flexibility required for
our needs.
A couple of sources of useful information are:
1. the JAAS in Action book (free)
2. WebWork in Action
3. Mark Mernards Blog has good example of implementing an interceptor.
Thanks for the pointer to the JAAS in Action book. Would anyone care
to be a bit more specific in regard to the "inflexibility" of
container managed authentication/authorisation? Is it a case of the
interceptor approach being better across the board, or is there a
point at which the choice tips from container to interceptor?
Regards.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
