On Thu, 27 Jan 2005 11:02:35 -0600, Joe Germuska <[EMAIL PROTECTED]> wrote:
> At 9:46 AM -0600 1/27/05, Jerry Jalenak wrote:
> >Joe -
> >
> >Your comment
> >
> >My main issue with Container Based auth is its inability to support
> >user-initiated login -- it only works by intercepting a request for a
> >normal resource and then challenging for login.
> >
> >struck a chord with me - it's one of the reasons I've never looked at
> >implementing CMS. How do you handle this? Roll your own?

Look at what appfuse does. Matt Raible has user initiated and remember me functionality with CMS. It's not really that complicated.

>
> Yes; it's not too hard to come up with a simple user model, although
> obviously more sophisticated apps can be a headache to build from
> scratch.
>
> If you have some mechanism to get a user into the session, then it's
> not too hard to override the "processRoles" step in the request
> process to provide struts-config level declarative security
> comparable to what happens by default using container-managed
> security. I haven't had call to try to replicate the tag-library
> behavior. We usually have interfaces that are different enough based
> on role that it's just as well to have separate templates as to try
> to have one with a bunch of conditionals.
>
> There was a pretty good JDJ article about two years ago which laid
> out all the flaws of container based security -- besides the
> aforementioned "no-user-initiated login", it's pretty hard to use
> container managed security on resources which don't *require*
> authentication, but behave differently after authentication. I never
> tried to use their implementation, and the Filter-nature of Security
> Filter makes it look like probably a better solution to the same
> problem. (Two years ago, we may not have been on Servlet 2.3 yet,
> but that's not an issue now...)
>
> Joe
>
> --
> Joe Germuska
> [EMAIL PROTECTED]
> http://blog.germuska.com
> "Narrow minds are weapons made for mass destruction" -The Ex
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

--
James A Barrows