> -----Original Message----- > From: Joe Hertz [mailto:[EMAIL PROTECTED] > Sent: Friday, August 27, 2004 10:01 AM > To: 'Struts Users Mailing List' > Subject: RE: Question about authentication > > > > > > > > THIS IS NOT A TOMCAT OR STRUTS ISSUE. THIS IS THE WAY THE > > SPEC SAYS TO DO IT. > > > > Thank you for your time. > > Don't think I tried implied otherwise. Just that I've only > seen how this > works on Tomcat and that I wasn't speaking to other containers.
Sorry.... this point is a bit sore for me because I think the spec should be changed. If I can get enough people PO'd about it, then it will. > > But given that it's a spec thing I'm not sure why Struts dude > is concerned > about it not being portable from container to container then though... Coz he's either doesn't know the spec (very likely, he's apparently new), or he's referring to all the different security backends (using LDAP, KEREBEROS, etc) that are dependant on what the container supports. > > > > Basically, using this method, it's just not possible to allow > > > the user to > > > log in before trying to grab a protected resource. He has to > > > try it first > > > and ONLY THEN, will he get a login prompt. > > > > Yes, per the spec NOT tomcat. > > Yes, so you've said. :-) > > > AND, you can do all this with a servlet and container managed > > security. See appfuse code for details. > > I'm sure there are alot of ways to skin that particular cat. > > What's the advantage of doing it that way over a filter? Still uses the declarative model, which puts the filter burden on the container. Allows the user of all the handy little built in security methods of the servlet and JSP spec, relieving the programmer of that particular bit boilerplate for managing it all in an application. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
