Tim Holloway wrote:Once you've been around here a while, you'll get mightily sick of hearing me denounce "Do It Yourself" J2EE security systems. I've a list about 12 items long as to why they're a bad idea, and one of them is because this kind of stuff is already, debugged, working and documented in the standard J2EE-defined security framework. Meaning you can spend your time on more profitable endeavours since the J2EE implementers have already done all the dirty work for you. Including figuring out how people would get around it.