Frank W. Zammetti wrote: > Noel J. Bergman wrote: > > I also see that JSecurity web support relies on a return to > > application-level security based on a filter, rather than rely on container > > management, which has evolved as a cornerstone of Java programming. > > The reliance on a filter is probably because JSecurity is not (yet?) integrated > > with the Java standards in the security space. > > I've been watching this proposal because I'm very interested in > JSecurity as a whole, but I think Noel raises an interesting point > here. At least in Websphere, you can have container-managed security on > the method-level for EJBs, which doesn't have to be called form a > webapp, so a filter-based approach couldn't provide this. I'd LOVE to > be able to get rid of IBM's security subsystem and replace it with > JSecurity, but if it can't allow the same sort of thing then I can't do > that.
Orthogonal issue, but potentially instructive -- what don't you like about IBM's subsystem? FWIW, container-managed, role-based, authorization on web contraints and EJB method permissions is straight from the specifications. > Is that capability, or lack thereof, a limitation inherent in the > approach JSecurity has taken, or is it just a case of a feature > that is planned for down the road? Possibly the latter, if they were to provide support for JACC (http://java.sun.com/j2ee/javaacc/) aka JSR-115 (http://www.jcp.org/en/jsr/detail?id=115). --- Noel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
