Fokko Degenaar

Greenhorn
+ Follow
since Jan 23, 2004
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Fokko Degenaar

Originally posted by karthik Guru:
But I found that J2EE security doesn't integrate with JAAS either.


At the time we started to develop our application, JAAS wasn't mandatory for app servers, so we used a proprietary interface. AFAIK, all major vendors of J2E servers had one interface or another to connect to a custom security repository.
Anyway, J2EE security and JAAS seem to go together rather well:
JAAS LoginModule in the J2EE Application
Security:
I can't agree on that one. The nice thing about having a standard here is to be able to interface to all sorts of proprietary security repositories. We did so and it worked from day #1.
With regard to the deployment descriptors we found security to be much easier to deploy with EJB's than with servlets:
We handled the necessary entries in a simple Excel sheet. One table for use cases and their roles, the other one for EJB methodes and use cases. The XML is generated by a 60-line Excel macro. Copy and paste into ejb-jar.xml, voila. Plus the XML is still human-readable due to being use case oriented.
The only thing we did miss though, was to be able to peek into web.xml and disable a menu entry, if the user is not allowed to invoke the target URL.