Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Message-ID: <006601c385c3$3fe4ebf0$0402a8c0@jemoserver>
From: "Marco Tedone" <mtedone@jemos.org>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
References: 
 <OF9902B72A.38FCE234-ONC1256DAF.0043C2CB-C1256DAF.00448EE2@email.zurich.com>
Subject: Re: Antwort: Re: Antwort: Migration from 4.1.x to Tomcat 5
Date: Sun, 28 Sep 2003 14:20:13 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Well, the real problem I encountered with JAAS (which brought me to choose
for my own, platform-independent, solution - which for the EJB part will
make use of the JAAS API anyway) is that the realms provided by vendors are
vendor-specific. Therefore, should I have a solution valid on JBoss I cannot
port it to WS (let's say) or Bea and having it working without code
changing. In all my application I stress the concept: build once, run
anywhere, and security shouldn't be different.

Marco
----- Original Message ----- 
From: "Oliver Wulff" <oliver.wulff@zurich.ch>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Sunday, September 28, 2003 1:28 PM
Subject: Antwort: Re: Antwort: Migration from 4.1.x to Tomcat 5


We had something similar in our company too, but we want to get rid of
custom security code (proprietary). The Java developer should have to
possibility to use the Java Servlet API for security issues (web.xml,
isUserInRole(), getUserPrincipal(), etc.). We have integrated our
authentication/authorization system by a custom realm. So, the life of the
Java developer gets much easier (built on pure standard) and makes him
independant from company specific systems and code. So we could migrate to
another security system without any changes to the application code. We
only have to change the realm and our Tomcat package.

BTW, JAAS is getting more and more important. A lot of security system
provider are also providing a JAAS LoginModul to integrate their security
system (ex. IONA ISF) into different application container. JBoss and BEA
are already supporting JAAS. Tomcat does have a JAAS Realm too but I think
it's beta.
I guess, that JAAS will be part of the J2EE spec in the future - would make
sense, wouldn't it?

Oliver

******************************************************************
Oliver Wulff
Z�rich Versicherungs-Gesellschaft
IA4, CoC Middleware
Postfach, 8085 Z�rich
Telefon: +41- 1 628 58 07
Fax: +41 - 1 623 58 07
E-Mail: mailto:oliver.wulff@zurich.ch


                      "Marco Tedone"
                      <mtedone@jemos.o         An:      "Tomcat Users List"
<tomcat-user@jakarta.apache.org>
                      rg>                      Kopie:
                                               Thema:   Re: Antwort:
Migration from 4.1.x to Tomcat 5
                      28.09.2003 14:10
                      Bitte antworten
                      an "Tomcat Users
                      List"


I implemented a security model independent from the container. Basically it
is based on db/validation and session management through taglibs to
display/allow functionalities to authorized users.

Marco
----- Original Message -----
From: "Oliver Wulff" <oliver.wulff@zurich.ch>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Sunday, September 28, 2003 1:08 PM
Subject: Antwort: Migration from 4.1.x to Tomcat 5


Hi Marco

I don't know Tomcat 5.x but what do you mean with your personal security
model? Have you implemented a custom realm?

Oliver

******************************************************************
Oliver Wulff
Z�rich Versicherungs-Gesellschaft
IA4, CoC Middleware
Postfach, 8085 Z�rich
Telefon: +41- 1 628 58 07
Fax: +41 - 1 623 58 07
E-Mail: mailto:oliver.wulff@zurich.ch


                      "Marco Tedone"
                      <mtedone@jemos.o         An:      "Tomcat Users List"
<tomcat-user@jakarta.apache.org>
                      rg>                      Kopie:
                                               Thema:   Migration from
4.1.x
to Tomcat 5
                      28.09.2003 13:51
                      Bitte antworten
                      an "Tomcat Users
                      List"


Hi, which are the key anspects I shall keep in mind when migrating from
Tomcat 4.1.xx to version 5, keeping in mind that I'm developing Struts
application?

Which are the key technology anspects I shall review in my project
architecture, particularly related to:

1) Servlets/JSP
2) Taglibs
3) Tomcat starting and stopping
4) WAR deployment
5) Security

At present I deploy a WAR under webapps with taglibs defined in the web.xml
file and make use of my personal security model (is there any reason Tomcat
5 should make things easier?), I stop and start it as a service (still
available?).

Will be JSTL and JSF natively implemented? Could I just drop my application
from Tomcat 4.1.xx to Tomcat 5 without problems?

Thanks for any reply,

Marco


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org