There are a few different approaches to providing authentication in a web app.
Declarative security (or container managed security) allows you to specify roles in your web.xml, and then constrain resources so they are only accessed by specific roles.
If you are familiar with JAAS you could write a custom JAAS module that can complement declarative security.
There is also the old standby, which involves writing a filter that applies to any constrained resources. This filter can check session data for the appropriate login information, forwarding on to the correct resource if authentication is present, and to a login module if it is not...
Tell us more about the type of requirements you have for security, and we can help point you in the right direction.
“Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.” - Rich Cook
Thank you Paul for your answer,
I'm not familiar with JAAS, but I can learn it with your help if you want. What I usually used is the standard method via the web server (Resin). In my web.xml I define the roles and the page(s), dir(s) that each role can access.
I also wrote my own login framework using MVC. What I really want to do, is to try something new like the JAAS modules!
Since you have been using declarative security already, you are familiar with both the advantages and disadvantages of it. JAAS is a nice alternative, although there are other, just as good ways to implement security.
JAAS is not terribly difficult to learn, but you need to start with understanding the underlying functionality of it. Here is a very good introduction to JAAS. It is a couple years old, but is still extremely informative. Give it a read, and then let me know what questions you have and I can try and help out.