Others can chime in as well, but from my experience in the past, container-managed authentication is a little too rigid and doesn't offer anywhere near the flexibility of a custom-brewed authentication/authorization scheme. That's not to say a "custom" scheme need be entirely proprietary; we just implemented a JAAS-backed security framework for authentication and authorization, but which fully exposes in our source code (action classes and authorization interceptor) all steps of the process so we have control over things that container-managed security makes difficult (such as logging, counting of failed logins, integrating authorization rules into struts.xml, and so forth).
----- Original Message ----
From: Roger Varley <[EMAIL PROTECTED]>
To: user@struts.apache.org
Sent: Tuesday, April 24, 2007 5:32:54 AM
Subject: [S2] Newbie. Authentification Interceptors

Hi

I notice that there have been a few threads over the last couple of days where people have been talking about implementing login authentication via a Struts2 interceptor. Could someone simply outline the reason why they would want to do it this way rather than using container authentication?

Regards
Roger
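
The steps the reply lists (JAAS authentication with logging and a failed-login count kept in application code) could look like this in a helper that a login action calls. This is an added example, not code from the thread; the class name, the JAAS entry name "AppLogin" and the threshold of five failures are assumptions.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/** Hypothetical helper for a login action; illustrative, not from the thread. */
public class TrackedJaasLogin {
    private static final Logger LOG = Logger.getLogger(TrackedJaasLogin.class.getName());
    private static final String JAAS_ENTRY = "AppLogin"; // assumed entry name in the JAAS config
    private static final int MAX_FAILURES = 5;            // assumed lockout threshold
    private final ConcurrentHashMap<String, AtomicInteger> failures = new ConcurrentHashMap<>();

    /** Returns the authenticated Subject, or null if login failed or the account is locked. */
    public Subject authenticate(String user, char[] password) {
        AtomicInteger count = failures.computeIfAbsent(user, u -> new AtomicInteger());
        if (count.get() >= MAX_FAILURES) {
            LOG.warning("login refused, account locked: " + sanitize(user));
            return null;
        }
        try {
            // The handler feeds the submitted credentials to whichever LoginModule is configured.
            LoginContext ctx = new LoginContext(JAAS_ENTRY, callbacks -> {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                    else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                    else throw new UnsupportedCallbackException(cb);
                }
            });
            ctx.login();
            failures.remove(user); // a successful login resets the counter
            LOG.info("login ok: " + sanitize(user));
            return ctx.getSubject();
        } catch (LoginException e) {
            LOG.warning("login failed (" + count.incrementAndGet() + "/" + MAX_FAILURES + "): " + sanitize(user));
            return null;
        }
    }

    /** Replaces CR/LF so a crafted user name cannot forge extra log lines. */
    private static String sanitize(String s) {
        return s.replaceAll("[\\r\\n]", "_");
    }
}
```

The in-memory map grows with every distinct user name submitted, so a deployment would bound it or move the counters to expiring storage.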