tag:blogger.com,1999:blog-6868595312516376692.post5188780177216508242..comments2023-11-23T09:33:53.598+01:00Comments on Enterprise Software Development with Java: Dynamically registering WebFilter with Java EE 6Markus Eiselehttp://www.blogger.com/profile/16195673592300911244noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-6868595312516376692.post-28405990114609811952011-07-06T22:47:08.118+02:002011-07-06T22:47:08.118+02:00A very nicely done article. Concise and to the poi...A very nicely done article. Concise and to the point. Thanks for sharing.John Yearyhttps://www.blogger.com/profile/00461192445071361043noreply@blogger.comtag:blogger.com,1999:blog-6868595312516376692.post-19145715616553898402011-07-05T15:53:19.303+02:002011-07-05T15:53:19.303+02:00If you have not done so already, take a look at th...If you have not done so already, take a look at the Servlet Profile of JSR 196; which is required to be supported by all Servlet containers of EE 6 full-platform compatible application servers. Unlike Servlet filter based approaches, the Servlet profile ensures that the authentication result set by the pluggable module, is applied in the access control processing performed by the Servlet container. The profile is also well suited for the 2-mode configuration problem you have cited. More examples of its use are emerging with the arrivalof compatible EE 6 containers. The one unfortunate downside; which we hope to rectify, is that the Servlet 3.0 spec only recommends support for the contract; which means that it may not be supported in some lightweight 3.0 compatible Servlet-(only) containers. If you would like more info let me know.monzillohttps://www.blogger.com/profile/12124395933909301048noreply@blogger.comtag:blogger.com,1999:blog-6868595312516376692.post-6583909644052917642011-06-20T14:42:35.808+02:002011-06-20T14:42:35.808+02:00Hi, I partly agree ;-) What cannot be done using s...Hi, I partly agree ;-) What cannot be done using standard Java EE security should be done with filters.Yannick Majoroshttps://www.blogger.com/profile/16823032095354231202noreply@blogger.comtag:blogger.com,1999:blog-6868595312516376692.post-81900576757771487192011-06-20T09:26:17.896+02:002011-06-20T09:26:17.896+02:00Hi Yannick,
thanks for your comment. You are part...Hi Yannick,<br /><br />thanks for your comment. You are partly right. There are some requirements, which could not be solved with the Java EE standard security mechanisms. The only way out are filters ...<br /><br />Rgds,<br />MMarkus Eiselehttps://www.blogger.com/profile/16195673592300911244noreply@blogger.comtag:blogger.com,1999:blog-6868595312516376692.post-55324738559330291742011-06-20T09:23:16.809+02:002011-06-20T09:23:16.809+02:00Nice article, this can really be useful. The only ...Nice article, this can really be useful. The only thing: in my opinion, most security concerns should be based on standard Java EE security (login modules, declarative security, ...) instead of a custom filter.Yannick Majoroshttps://www.blogger.com/profile/16823032095354231202noreply@blogger.com