Re: [ajug-members]: Security question
Yeah, I've definitely done this, and definitely encourage it. J2EE
security can be quite powerful, yet so many people spend so much time
unnecessarily reinventing it. This is one area where being inside a
J2EE container really works some magic, and adds a lot of value.

One thing I would advise is not to bend over backwards trying to stick
exclusively to declarative security. Sometimes, especially in the view,
you may need to check things programmatically in order to selectively
render parts of the page based on user permissions. There's a jakarta
request taglib that has a request:isUserInRole tag that is useful, and
if you are using Struts, take note that it supports role-based security
in restricting access to Struts actions.

Chinmay Nagarkar wrote:
>Another dumb security question...
>Our team have Tomcat 5.0.18 and Jboss3.2.3 running as Web-container and
>app-container respectively. We want to use form based authentication on the
>web-container and standard J2EE declarative security to allow authorized
>access to EJBs.
>Does anyone have any experience with this type of requirement? I'm looking
>for an 'Aye' or specific words of caution.