tomcat-users mailing list archives

From Christopher Schultz <>
Subject Re: Howto: call a Servlet from another Servlet (Example)?!
Date Mon, 20 Sep 2010 19:37:24 GMT


On 9/20/2010 3:05 PM, Leo Donahue - PLANDEVX wrote:
> Chris,
>> -----Original Message----- From: Christopher Schultz
>> [] Subject: Re: Howto: call a
>> Servlet from another Servlet (Example)?!
> From my reading, the OP is doing his own authentication rather
> than using container-managed authentication.
> -chris

> I thought rolling your own authentication, rather than using
> container-managed security for authentication, is a bad idea?  Is
> that just rhetoric?

That's a matter of perspective.

I'd recommend using container-managed authentication and authorization
to pretty much everybody. Or, failing that, at least use a library meant
for doing such things, like ACEGI or securityfilter: the folks in charge
of those projects have taken care to be spec-compliant (to the extent
possible and/or desired) and properly test their products to ensure that
they are safe.

Rolling your own authentication mechanism often leads to an insecure
system. It's also usually not necessary: container-managed security
works very well for most people, and the new servlet 3.0 changes to
authentication even (I believe) allow the webapp to request
authentication under certain other circumstances.

-chris