On 01/20/2011 01:43 PM, Jason T. Greene wrote:
On 1/20/11 11:02 AM, ssilvert(a)redhat.com wrote:
> Quoting Jason Greene<jason.greene(a)redhat.com>:
>
>> On Jan 20, 2011, at 7:55 AM, ssilvert(a)redhat.com wrote:
>>
>>> I don't want to reinvent the Servlet API either.
>>
>>
>> It's not reinventing the servlet API, it's using an alternative one
>> that accomplishes the same thing but with minimal overhead.
>
> If that can really be achieved in a reasonable time frame then I'm all
> for it. I'm just skeptical at the moment.
>
> Heiko's point about needing a robust security layer like JAAS is a
> pretty good one.
>
So servlet containers give you a set of pre-established authentication
mechanisms: (...)
To go beyond these things you have to either not use servlet security
(and instead do custom servlet filters) OR write a container-specific
plugin (like a Tomcat valve). Once you get to this point it's equivalent
to implementing security directly.
Also, calling JAAS "robust" is a bit silly. About the only thing JAAS
has going for it is that it exists. It is completely inadequate for
handling nontrivial authentication schemes.
--
- DML