Re: App organization
Re: App organization
- Subject: Re: App organization
- From: Robert Walker <email@hidden>
- Date: Mon, 24 Jul 2006 15:43:04 -0400
| Arturo,
Ok, you may be right. I was speaking in more general terms and understand there are exceptions to every rule. I was also referring to the "Legacy" deployment and not specifically about servlet deployment, which I'm not qualified to comment on, since I've never needed to deploy in a servlet container.
I am interested in that type of deployment, but have not had the time, nor need, to explore it further. On Jul 24, 2006, at 12:50 PM, Arturo Perez wrote: Robert Walker wrote: First of all, you should really change your thinking about WebObjects. You are not building a web site, rather you are building an application that happens to present itself as HTML (among others) to the user. If you want security in your application you add security to your application. There are many good books, and some nice examples on how to do this. I would recommend taking a look at Chuck Hill's "Practical WebObjects" to get an idea of what I'm talking about here. You will not be using Apache to secure your application's components.
There is one situation where I would disagree with the above but I don't know how conflict-y it is with WO. That is, some of the features of J2EE container-managed security are very nice (automatic redirection to form, support for HTTP authentication with no coding, etc). In that case, when you deploy to Tomcat or other app-container you get all of that security for free and you can just use HTTPRequest.getUserPrincipal(). That's where I don't know if there's a conflict when deployed in this way. Last time I did this I did use JAAS internally but not the above.
-arturo
|
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden