struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Hill" <andrew.david.h...@gridnode.com>
Subject RE: Using CheckLogin tag from within tiles
Date Tue, 08 Oct 2002 04:31:05 GMT
My (exceedingly limited) understanding of CMA was that it was very container
specific. If so what approach do you recomend for an app (accessing ejbs)
which customers are to run in their own container, where at development time
one desnt know which container will be used?

Is it better to ditch CMA and hope for the best from a home grown solution,
or to try and find the resources to write seperate versions of the app for
each of the major containers?

(Or tell em they can have any container so long as its Tomcat? (This would
be my choice if I was dictator for life ;->))

-----Original Message-----
From: Craig R. McClanahan [mailto:craigmcc@apache.org]
Sent: Tuesday, October 08, 2002 02:27
To: Struts Users Mailing List
Subject: Re: Using CheckLogin tag from within tiles




On Mon, 7 Oct 2002, Eddie Bush wrote:

> Date: Mon, 07 Oct 2002 12:22:23 -0500
> From: Eddie Bush <ekbush@swbell.net>
> Reply-To: Struts Users Mailing List <struts-user@jakarta.apache.org>
> To: Struts Users Mailing List <struts-user@jakarta.apache.org>
> Subject: Re: Using CheckLogin tag from within tiles
>
> Oh - one more thing.  Filters really are a lot more flexible in that
> they can be deployed with the application.  I've heard of instances
> where hosting providers wouldn't configure realms for folks (nor would
> they do anything else that required a server config change) - and that
> is where a Filter would become an absolute necessity!
>

One other thing to note about any non-CMA approach -- they don't help you
much (if at all) if you are accessing EJBs from your actions.  From the
point of view of the EJB container, all these requests will appear to be
from an unauthanticated user identity.  You can establish a <run-as>
identity in web.xml for these cases, but this applies to *all* EJB calls.

If you want the EJB layer to be able to make role-based access decisions
depending on who the logged in user is, you must use container managed
security.

> David Graham wrote:
>
> > I've never used CMA because of potential implementation differences
> > across containers.  Are those fears justified?  I have used the Filter
> > approach and found it to be easy and portable.
> >
> > Dave
>
> --
> Eddie Bush
>

Craig


--
To unsubscribe, e-mail:
<mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:struts-user-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message