Antony Bowesman wrote:
>
> Punky Tse wrote:
> >
> > Rob,
> > Please see below for rephrased version of Introduction and
> > Administrator Guide.
> >
> > I combined the Introduction and Administrator's Guide to Administrator
> > Guide. Actually this is my proposed TOC. And I believe that we need
> > separate document for different Tomcat servers. e.g. 3.3 and 4.0.
> >
>
> <snip>
>
> > II. Server Administration
> >
> > 6. Configuring Server
> >
> > 7. Configuring Web Applications
> >
> > 8. Security
>
> How about
> 8.1 Concepts - Explanation of J2EE and Java 2 security models
> 8.2 Authentication with Realms
> 8.2.1 Simple realm
> 8.2.2 JDBC Realm
> 8.2.3 Custom realms
> 8.3 Authorization
> 8.3.1 J2EE role based
>
> In particular, it should try to explain in simpler terms than the API
> spec how J2EE roles are designed to work, covering the mapping from
> developer roles to deployment roles.
>
> 8.3.2 Java 2 security policy
>
I would break the above into two sections.
Access Control (for all the Realm based access control)
and
Server Security (for configuring and using Tomcat with the Java SecurityManager)
These really are two completely different topics. And use of Realms isn't
"Security", it is "Access Control".
Regards,
Glenn
----------------------------------------------------------------------
Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder |
MOREnet System Programming | * if iz ina coment. |
Missouri Research and Education Network | */ |
----------------------------------------------------------------------
