The J2EE security model is great to emulate, I've used it on other projects.
Its much stronger then a wrapper around Basic Auth. You can specify different types of authentication, including Basic Auth, and the traditional html Form based login. Then you can change the authentication method, or include other servlets in the secure zone just by changing the deployment descriptor. I achive a similar webware effect by putting my login system into a 'SecurePage' class and then all of the site pages that use that security model would be subclassses of that. I suppose an easy Webware approach would be to use a security mixin and have that be injected at context load time. -Aaron ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 08, 2002 6:54 AM Subject: [Webware-discuss] Successful http authentication > Magnus Lie Hetland <[EMAIL PROTECTED]> wrote: > > > >After our previous discussion about http authentication, I decided to > >go with mod_auth_pgsql -- and it works just fine, together with a > >Location entry in httpd.conf (which specifies the path including > >WebKit.cgi). Now I don't have to think about the password handling > >beyond having a proper table in my database (which I'll be using > >anyway). Seems like a nice solution to me. > > This reminds me of what you can do with Apache Tomcat and Java servlets. With > that product, it's possible to set up a "realm" which uses a particular > authentication mechanism (file, JDBC, LDAP via JNDI), but an interesting thing > with recent servlet developments is that you can specify a login form in your > application's "deployment descriptor" (I suppose this is a bit like > a "Location" section in vanilla Apache) which automatically appears if a user > enters a protected zone. This login form uses standard field names which are > then automatically validated against a realm by Tomcat itself and, subject to > the response from the realm, a redirect to either an error page or the original > page to be visited occurs. > > Effectively, it's basic authentication without the login window (and presumably > with session trickery going on behind the scenes), but it seems quite nice and > is potentially something like Magnus could use... or implement in Webware? ;-) > > Paul > > -- > Get your firstname@lastname email at http://Nameplanet.com/?su > > _______________________________________________ > Webware-discuss mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/webware-discuss _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
