cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralph Goers <>
Subject RE: Authentication
Date Fri, 24 Sep 2004 07:04:03 GMT
At 9/23/2004  11:42 PM, you wrote:
>Just curious, as I am trying to get authentication/authorization done
>right myself...
>If you only use it for authentication, then why don't you just use the
>security provided by J2EE?

I guess I wasn't too clear. Authorization is still performed in the web 
container.  JAAS just isn't used to do it. Cocoon's authentication 
framework is also used to validate every request.  Authorization is 
performed through a PermissionSelector.  This allows end users to have the 
same request fulfilled differently depending on their permissions. 

View raw message