tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Howto: call a Servlet from another Servlet (Example)?!
Date Mon, 20 Sep 2010 19:37:24 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Leo,

On 9/20/2010 3:05 PM, Leo Donahue - PLANDEVX wrote:
> Chris,
> 
>> -----Original Message----- From: Christopher Schultz
>> [mailto:chris@christopherschultz.net] Subject: Re: Howto: call a
>> Servlet from another Servlet (Example)?!
>> 
> - From my reading, the OP is doing his own authentication rather
> than using container-managed authentication.
> 
> -chris

> I thought rolling your own authentication, rather than using
> container-managed security for authentication, is a bad idea?  Is
> that just rhetoric?

That's a matter of perspective.

I'd recommend using container-managed authentication and authorization
to pretty much everybody. Or, failing that, at least use a library meant
for doing such things, like ACEGI or securityfilter: the folks in charge
of those projects have taken care to be spec-compliant (to the extent
possible and/or desired) and properly test their products to ensure that
they are safe.

Rolling your own authentication mechanism often leads to an insecure
system. It's also usually not necessary: container-managed security
works very well for most people, and the new servlet 3.0 changes to
authentication even (I believe) allow the webapp to request
authentication under certain other circumstances.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkyXt/QACgkQ9CaO5/Lv0PBbEgCffmnSHPKJ12KCZmspuv0CdcWY
H5gAoLm4Yrwym1elDFvmFs+y0yta6+8P
=no35
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message