
Java Forum / Security / October 2003


JAAS - Suitability

David - 23 Oct 2003 11:18 GMT
We are working on a web application and late in the game someone has
decided that they want certain artifacts (buttons, text fields, etc) to
be accessible based on the user's assigned role. Someone has suggested
using JAAS. However, after looking into it I do not believe this would be
the best route considering that JAAS denies access via an exception.
Exceptions should only be used for exceptional, unexpected conditions and
having each page throw a handful of exceptions would be a burden on the
system.

Now, I could endorse using JAAS in conjunction with another API that the
JSP can take advantage of via logic tags and wrap the context sensitive
artifacts. That way, I should only have security exceptions if someone is
attempting to hack a page or if the JSP is wrong.

Any rules of thumb?
David - 23 Oct 2003 11:26 GMT
Had the reply-to set wrong. Thanks

> We are working on a web application and late in the game someone has
> decided that they want certain artifacts (buttons, text fields, etc) to
[quoted text clipped - 11 lines]
>
> Any rules of thumb?
David Garnier - 23 Oct 2003 13:12 GMT
> Had the reply-to set wrong. Thanks
>
[quoted text clipped - 13 lines]
>>
>>Any rules of thumb?

What is wrong with plain old Realm.isUserInRole(...) and the standard
authentication means?

David
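
The approach discussed in this thread, as an added example that is not code from any of the posters: a JSP tag hides role-specific controls with a boolean `HttpServletRequest.isUserInRole` check, while the servlet that performs the action repeats the check, so a denial only occurs when a request bypasses the rendered page. The class names, the `approver` role and the `sec` tag prefix are hypothetical, and container-managed authentication with the Servlet/JSP API on the classpath is assumed.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.tagext.TagSupport;

// Hypothetical names throughout: RoleGating, IfInRoleTag, ApproveServlet, role "approver".
public final class RoleGating {

    private RoleGating() { }

    /**
     * Presentation-side gate. JSP usage (prefix "sec" assumed to be mapped in a TLD):
     *   <sec:ifInRole role="approver"><input type="submit" value="Approve"/></sec:ifInRole>
     */
    public static class IfInRoleTag extends TagSupport {
        private String role;

        public void setRole(String role) { this.role = role; }

        @Override
        public int doStartTag() {
            HttpServletRequest req = (HttpServletRequest) pageContext.getRequest();
            // Plain boolean check: hiding a control never raises an exception.
            boolean allowed = role != null && req.isUserInRole(role);
            return allowed ? EVAL_BODY_INCLUDE : SKIP_BODY;
        }

        @Override
        public void release() { role = null; super.release(); }
    }

    /** Enforcement point: the hidden button is a convenience, not the access control. */
    public static class ApproveServlet extends HttpServlet {
        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            if (!req.isUserInRole("approver")) {
                // Only reached by a hand-crafted request or a JSP that rendered the wrong controls.
                log("Denied approve request from " + req.getRemoteUser());
                resp.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            resp.setContentType("text/plain");
            resp.getWriter().println("approved");
        }
    }
}
```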

