My gripe with container managed authentication for Tomcat was the inability to have a login page I could show the user myself (it redirected the user to one, but showing one yourself wasn't possible). I would have used it myself if it did what I wanted. :-/
Your point is bigger than Container Mangled Security though. I mean, why would people write in VB 6? It's not portable between OS'. Not everyone cares about that to the same degree. Everyone has code that they would have to rewrite something if an underlying assumption fails. For some people the assumption is their choice of servlet container being used. > -----Original Message----- > From: struts Dude [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 26, 2004 11:16 PM > To: Struts Users Mailing List > Subject: Re: Question about authentication > > > Thanks Joe. Geee I wander why someone would > advocate for container managed security since > it's not portable between servers. > > :D > > > ----- Original Message ----- > From: "Joe Hertz" <[EMAIL PROTECTED]> > To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]> > Sent: Friday, August 27, 2004 3:02 PM > Subject: RE: Question about authentication > > > > Take a look at http://www.securityfilter.org > > > > > Can u show me some links of tutorial on how to authenticate > > > users using > > > servlet filter?? > > > > > > I think servlet filter may be the most portable way for > > > authenticating user > > > since declarative authentication on web.xml is dependent > on Tomcat. > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
