struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nelson, Laird" <Laird.Nel...@FMR.COM>
Subject RE: Struts/Container-Managed Authentication Question
Date Thu, 18 Jul 2002 17:14:49 GMT
> -----Original Message-----
> From: Craig R. McClanahan []
> I do not believe there will ever be such a thing as a "generic"
> application security solution that meets a large majority of people's
> needs.  The problem is that the needs (well, at least their 
> wants :-) vary
> too much, so any given "application security solution" is 
> going to have
> its own design limits that people are going to run into.

A nice middle ground that would not require boiling the ocean would be a
simple interface that allows callers to add, update and remove users and
roles.  I find that the only thing I usually need above and beyond the
current container-managed security API is the ability to create new users
and roles.  Every container I've worked with has the ability to make these
calls with their own APIs--all the concepts and logical objects are the
same--but the implementations basically suffer from name incompatibilities.


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message