Re: App organization
Re: App organization
- Subject: Re: App organization
- From: Arturo Perez <email@hidden>
- Date: Mon, 24 Jul 2006 12:50:10 -0400
Robert Walker wrote:
First of all, you should really change your thinking about
WebObjects. You are not building a web site, rather you are building
an application that happens to present itself as HTML (among others)
to the user. If you want security in your application you add
security to your application. There are many good books, and some
nice examples on how to do this. I would recommend taking a look at
Chuck Hill's "Practical WebObjects" to get an idea of what I'm talking
about here. You will not be using Apache to secure your application's
components.
There is one situation where I would disagree with the above but I don't
know how conflict-y it is with WO. That is, some of the features of
J2EE container-managed security are very nice (automatic redirection to
form, support for HTTP authentication with no coding, etc). In that
case, when you deploy to Tomcat or other app-container you get all of
that security for free and you can just use
HTTPRequest.getUserPrincipal(). That's where I don't know if there's a
conflict when deployed in this way. Last time I did this I did use JAAS
internally but not the above.
-arturo
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden