
Share my WebApp Security implementations experience

Vince Hon
Ranch Hand
Posts: 117
After I read the HFB Security chapter, I want to discuss this with you:

I have 2 years' experience developing a web application using Struts. For authentication and authorization, we store the user (user name / password) and the user role in a database.

Authentication (in Action class):

We use this approach to do authentication and authorization, and I think it is a good approach so far. Since I use a database to store the security info, I can modify it at run time. In addition, this approach is not tied to any vendor product, so it will work whether I use Tomcat or another web container.

I just wonder what's the advantage of using the J2EE security mechanism described in HFB? (I found there are many vendor-specific configs, like setting tomcat-user.xml ....).

Could anyone share your experience of how you implement your webapp security?

Or, is it possible to INTEGRATE both of them (the one I use and the one described in HFB)?