struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ade Barkah" <>
Subject RE: container managed security
Date Sun, 14 Jul 2002 05:39:58 GMT
Actually, in my experience, any "real" application with moderate
complexity will have security needs beyond what current container-
managed authorization schemes can provide... i.e. most apps will
need to use both container and application managed security.

I'd even go one step further to say that most "real" apps I've
seen use application-managed security primarily, and container-
managed security "superficially" (beyond authentication.)


-----Original Message-----
From: Tero P Paananen []
Sent: Friday, July 12, 2002 5:24 PM
To: Struts Users Mailing List
Subject: RE: container managed security

> Something like this, or some portable container-level API with
> functionality similar to what Tomcat's (4.1.x) "UserDatabase" provides, is
> a long term goal of the platform.  Unfortunately, it is *substantially*
> more complex than you might think to identify what a "user" is in a manner
> that is portable across all desireable use cases -- let alone how they
> should be authanticated.  It's not going to be a short term effort to
> standardize this.

Maybe put in a baseline implementation (role based authentication)
with express instructions to really, really, really use container
managed security for mission critical software?

That way people interested in fast prototyping or using Struts for
personal projects could use platform independent user authentication
and people who require "real" solutions would still be able to use
the J2EE security model.


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message