tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Assaf Arkin <ar...@exoffice.com>
Subject Re: Security in tomcat
Date Fri, 11 Feb 2000 20:11:22 GMT
"Craig R. McClanahan" wrote:
> 
> jon * wrote:
> 
> > on 2/10/00 11:42 AM, costin@eng.sun.com <costin@eng.sun.com> wrote:
> >
> > > Hi,
> > >
> > > There are 3 issues with implementing security:
> >
> > I feel pretty strongly that this should not be implemented in the servlet
> > engine. It should be implemented in the framework that you use.
> >
> > That is why I came up with Turbine in the first place. It gives you the
> > ability to implement security any way that you want very easily.
> >
> 
> However, in order to conform to the servlet spec 2.2 requirements, this
> stuff *must* be implemented within the servlet container.  Thus, the issue
> of how to do so remains.
> 
> Also, if you have a 2.2 container that supports this, you no longer have to
> worry about it at the application level at all ...

Actually implemented as a separate back-end that plugs into the Servlet
container and exposed through the Servlet API.

This way you get authentication and security not just for your
application, but for all the resources you application is using (EJB,
JDBC, LDAP, etc).

That's not something an application can give you without writing lots of
code.

arkin


> 
> >
> > -jon
> >
> 
> Craig
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

-- 
----------------------------------------------------------------------
Assaf Arkin                                           www.exoffice.com
CTO, Exoffice Technologies, Inc.                        www.exolab.org

Mime
View raw message