geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cabrera, Alan" <>
Subject RE: Jetty and JACC
Date Thu, 20 Nov 2003 21:29:51 GMT

Thanks for the quick reply.

> -----Original Message-----
> From: Jan Bartel [] 
> You don't necessarily have to replace a particular Jetty Handler. 
> Handlers are arranged in a chain, so to introduce new behaviour it is 
> possible to just insert another Handler in the chain. Not 
> sure if this 
> will be possible here or not.

It's not possible since the web container must solely rely on the JACC
permission check.  If I put a JaccHandler in the chain, after the
SecurityHandler, it effectively short circuits the JACC permission check.
If I put the JaccHandler before the SecurityHandler, it virtually removes
the SecurityHandler.

> Also, there is an access point into the web app context that 
> is called 
> as a thread enters and leaves a web app which might be 
> another place to 
> look at if you need to set up any thread local stuff (we've already 
> subclassed the standard Jetty web app as 
> o.a.g.w.jetty.JettyWebApplicationContext).

Good idea.  Thanks for the pointer.

> Finally, however it is done, we need to keep in mind that we 
> must also 
> be able to plug-in other web containers.

Yep, I think I'm there on that account w/ the basic building blocks, their
mbeans, and utility classes.

> Let me have a read of the JACC spec so I have a better understanding 
> what is required and I can comment better.

Some advice, skim chapter three.  It's a tedious spec on how to translate
the descriptors into sets of Permissions.  Chapter 4 is where the tire hits
the road, more specifically section 4.2.


      Visit our Internet site at 

Get closer to the financial markets with Reuters Messaging - for more
information and to register, visit <> 

Any views expressed in this message are those of  the  individual sender,
except  where  the sender specifically states them to be the views of The
Reuters Group.

View raw message