[jboss-as7-dev] Management Console JDK Server Example

David M. Lloyd david.lloyd at redhat.com
Thu Jan 20 14:48:36 EST 2011


On 01/20/2011 01:43 PM, Jason T. Greene wrote:
> On 1/20/11 11:02 AM, ssilvert at redhat.com wrote:
>> Quoting Jason Greene <jason.greene at redhat.com>:
>>
>>> On Jan 20, 2011, at 7:55 AM, ssilvert at redhat.com wrote:
>>>
>>>> I don't want to reinvent the Servlet API either.
>>>
>>>
>>> It's not reinventing the servlet API, it's using an alternative one
>>> that accomplishes the same thing but with minimal overhead.
>>
>> If that can really be achieved in a reasonable time frame then I'm all
>> for it. I'm just skeptical at the moment.
>>
>> Heiko's point about needing a robust security layer like JAAS is a
>> pretty good one.
>>
>
> So servlet containers give you a set of pre-established authentication
> mechanisms: (...)
> To go beyond these things you have to either not use servlet security
> (and instead do custom servlet filters) OR write a container-specific
> plugin (like a Tomcat valve). Once you get to this point it's equivalent
> to implementing security directly.

Also, calling JAAS "robust" is a bit silly.  About the only thing JAAS 
has going for it is that it exists.  It is completely inadequate for 
handling nontrivial authentication schemes.

-- 
- DML


