
Share my WebApp Security implementations experience

 
Vince Hon
After reading the HFB Security chapter, I want to discuss this with you:

I have 2 years' experience developing a web application using Struts. For authentication and authorization, we store the user (user name / password) and the user role in a database.

Authentication (in Action class):


We use this approach to do authentication and authorization, and I think it is a good approach so far. Since I use a database to store the security info, I can modify it at run time. In addition, this approach is not tied to any vendor product, so it will work whether I use Tomcat or another web container.

I just wonder what the advantage is of using the J2EE security mechanism described in HFB? (I found there are many vendor-specific configs, like setting tomcat-user.xml ....).

Could anyone share your experience of how to implement your webapp security?

Or, is it possible to INTEGRATE both of them (the one I use and the one described in HFB)?