struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "AJ Morris">
Subject RE: Security for Actions or ActionClasses?
Date Thu, 29 Nov 2001 15:10:56 GMT
True, ultimately it is the container reports back the roles. The security
methods are part of the JDK, such as isUserInRole(), getUserPrinciple(),
etc. However, each container implements the underlying architecture
differently, including the assignment of users, roles, and groups
differently. For example, Tomcat offers the concept of realms -- MemoryRealm
or JDBCRealm. Websphere implements this totally differently, by accessing
the underlying Local Operating System registry, LDAP, or by exposing an API
for custom plugins.

Editorial:: Tomcat has the best security implementation I've seen, while
Websphere's approach is senseless; LocalOS? What's up with that?

-----Original Message-----
From: []On Behalf Of
Fyodor Golos
Sent: Thursday, November 29, 2001 7:09 AM
To: Struts-User
Subject: Re: Security for Actions or ActionClasses?

Nic's package looks very interesting! However, in the end it's the
container that reports back which role the user is in, correct? I am
still puzzled as to how to implement that part. Is it
container-specific? In other words, when I implement role-based
security, do I just lock myself into, say, Tomcat, and stick to it
forever? That kinda hurts portability. Anyone cares to correct me?

Fyodor Golos
ResGen, Invitrogen Corporation
2130 Memorial Pkwy, SW
Huntsville, AL 35801
Phone: 800-533-4363
Direct: 256-327-4297
Fax: 256-536-9016

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message