After I read HFB Sercurity chapter, I want to discuss it with you about this:
I have 2 years experience of developing a web application using
struts, for authentication and authorization, we store the user (user name / password) and the user-role in Database.
Authentication (in Action class):
We use this approach to do Authentication and Authorization, I think it is a good approach so far. Since I use database to store the security info, I can modify it at run time. In addtion, this approach did not tie to any vendor product, so this will work no matter I use
Tomcat or other web container.
I just wonder what's the advantange of using the
J2EE Security mechanism describe in HFB ? (I found there are many vendor-specific configs, like setting tomcat-user.xml ....).
Could anyone share your experience of how to implement your webapp security ?
Or, is it possible to INTEGRATE both both of them (The one I use and one described in HFB) ?