struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mete Kural <>
Subject Advantages of Container-Managed Authentication ??
Date Thu, 18 Jul 2002 16:24:42 GMT

So far I thought that container-managed authentication
was the way to go. Why I thought so? I thought:

1) Since such authentication is implemented by experts
in the field there's a much greater chance that their
implementation would be much more secure to attacks
then my own application-managed implementation.

2) The container has much more control in a servlet
environment than a web-app. Therefore if the container
is aware of the user who is making requests rather
than just the web-app, this would be an added security

3) Struts tag library provides some neat tags such as
conditional tags based on the logged-in user's
identity and roles, and probably such tags will
flourish even more in the future. These tags support
only container-based authentication (am I right
here?). So if you're using container-managed
authentication you can use these tags, otherwise
you'll have to implement your own.

Do you guys think that three so-called advantages that
I've listed are really valid advantages and is there
any more advantages associated to container-managed

Basically I'm asking all these questions because I'm
trying to decide whether I should abandon
container-managed authentication and implement my own.


Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message