Craig McClanahan wrote:

* What technology do you currently use for authentication and authorization
  in your web applications?

Acegi Security with a custom authentication DAO that accesses a JCR repository and various custom voters for authorization.

* If you don't use container managed security (i.e. the facilities defined in the
  servlet and J2EE, err, Java EE specifications), what capabilities would you
  need to have available before you'd consider using the container facilities?

i find it difficult to enumerate all the benefits i've gotten from Acegi Security. perhaps one of the most important is that i no longer have to write container-specific components to access uncommon data sources. also being able to chain authentication and authorization providers (not unlike JAAS actually) is key.

other great features: full regex support for path mapping, anonymous and run-as authentication, remember me services, integration with multiple SSO vendors, voting-based authorization with multiple vote-counting policies. also the ability to use the exact same configuration to secure your web layer (via a filter) and your business layer (via aspects on method invocations) - huge.

(i would have posted this to Greg's thread but for some reason java.net won't let me log in.)
