Jan 18

Container Managed Security: If your standard covers a lowest common denominator. Please add hooks!

Java, Security, Tech

I understand that a lot of standards end up being lowest common denominators. That is one of the issues with design by committee.

However, I wish that the standards defined hooks that let you write code which uses the standard but adds functionality on top of it.

Take the Servlet API as an example. This is one of the better APIs in J2EE. It is pretty darn portable. I try really hard to build a .war that can be dropped into a container and just run, but this isn’t always the case. If I have to open up a server.xml I think I failed :)

One example is Container Managed Security. There are a couple of features that I really wish were in the spec. How about the ability to LOG OUT (not just nuking the session!)? What about extending the security piece itself?

Take a login box. Form-based security allows you to set up a username and password and get authentication/authorization going. However, what if you want to do something like a ‘Remember me?’ check box, or the security image that I talked about last week?

Since the spec doesn’t have any hooks, and doesn’t easily allow a filter to kick in before the security piece, this becomes really tough. Well, on some servlet containers. ‘Remember me?’ functionality is built into Resin; I don’t have to do a thing. But unless I know that I only want to run on Resin, I am kinda stuck.

I said before that I wanted to be able to create a .war file that runs in any container. To do this now I use another system for handling security. Trying to work around the CMS system is more trouble than it is worth. Is there a nice programmatic API to log someone in and out? No.
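The workaround the post alludes to, handling login state outside the container, is what a servlet filter can do with nothing but the plain Servlet API. The filter below is an added illustration written for this page, not code from the post, Resin, or Acegi. It assumes two things not stated in the post: a filter init-param `hmacKey` holding a server-side secret, and that the paths it guards are *not* also under a `<security-constraint>` (container security runs before filters, which is exactly the missing hook the post complains about). It gives the two things the post asks for: an explicit `/logout` that invalidates the session and expires the cookie, and a ‘Remember me?’ cookie whose contents are an HMAC-signed, expiring token rather than a bare username, so a tampered or stale cookie is simply ignored. `setHttpOnly` needs Servlet 3.0+; drop that line on a 2.x container.

```java
import javax.servlet.*;
import javax.servlet.http.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Base64;

// Added example: "remember me" + logout in front of an application that does
// NOT rely on container-managed security for the filtered paths.
public class RememberMeFilter implements Filter {
    private static final String COOKIE = "remember_me";
    private static final String USER_ATTR = "auth.user";
    private static final long MAX_AGE_MS = 14L * 24 * 3600 * 1000; // 14 days
    private byte[] key; // assumption: HMAC secret supplied via init-param "hmacKey"

    public void init(FilterConfig cfg) {
        key = cfg.getInitParameter("hmacKey").getBytes(StandardCharsets.UTF_8);
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest r = (HttpServletRequest) req;
        HttpServletResponse w = (HttpServletResponse) res;

        // Hook 1: a real logout, not just "nuke the session".
        if ("/logout".equals(r.getServletPath())) {
            HttpSession s = r.getSession(false);
            if (s != null) s.invalidate();
            Cookie kill = new Cookie(COOKIE, "");
            kill.setMaxAge(0); kill.setPath("/");
            w.addCookie(kill);
            w.sendRedirect(r.getContextPath() + "/");
            return;
        }

        // Hook 2: restore a user from a valid, unexpired, correctly signed cookie.
        HttpSession s = r.getSession(true);
        String user = (String) s.getAttribute(USER_ATTR);
        if (user == null) {
            user = userFromCookie(r);
            if (user != null) s.setAttribute(USER_ATTR, user);
        }
        final String principal = user;
        // Present the user to downstream code through the standard request methods.
        chain.doFilter(principal == null ? r : new HttpServletRequestWrapper(r) {
            @Override public String getRemoteUser() { return principal; }
            @Override public Principal getUserPrincipal() {
                return new Principal() { public String getName() { return principal; } };
            }
        }, res);
    }

    // Token layout: base64url(user) "." expiryMillis "." base64url(HMAC-SHA256(key, first two parts))
    String userFromCookie(HttpServletRequest r) {
        Cookie[] cs = r.getCookies();
        if (cs == null) return null;
        for (Cookie c : cs) {
            if (!COOKIE.equals(c.getName())) continue;
            String[] p = c.getValue().split("\\.", 3);
            if (p.length != 3) return null;
            long exp;
            try { exp = Long.parseLong(p[1]); } catch (NumberFormatException e) { return null; }
            if (exp < System.currentTimeMillis()) return null;          // expired
            byte[] expected = hmac(p[0] + "." + p[1]);
            byte[] given;
            try { given = Base64.getUrlDecoder().decode(p[2]); } catch (IllegalArgumentException e) { return null; }
            if (!MessageDigest.isEqual(expected, given)) return null;  // constant-time compare
            return new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
        }
        return null;
    }

    // To be called by the login form handler after the password check succeeds.
    Cookie issue(String user) {
        String body = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(user.getBytes(StandardCharsets.UTF_8))
                + "." + (System.currentTimeMillis() + MAX_AGE_MS);
        String sig = Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(body));
        Cookie c = new Cookie(COOKIE, body + "." + sig);
        c.setMaxAge((int) (MAX_AGE_MS / 1000));
        c.setPath("/");
        c.setSecure(true);   // only over HTTPS
        c.setHttpOnly(true); // Servlet 3.0+
        return c;
    }

    private byte[] hmac(String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    public void destroy() {}
}
```

Map the filter to the application paths in web.xml and have the login servlet call `issue(user)` only when the box was ticked. The design choice worth noting is that the cookie carries no secret of its own: the server-side key signs a username plus expiry, so rotating `hmacKey` revokes every outstanding ‘Remember me?’ token at once, which is the closest a filter can get to the logout hook the container never provided.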

For this reason I end up using something like Acegi Security for Spring.

Come on guys, give me some hooks!

And, let’s not get started on JAAS and how there isn’t a standard API to create users/groups in the system! Argh!
