Advantages of Container-Managed Authentication ??

[Mete Kural <me...@yahoo.com>]

Hello,

So far I thought that container-managed authentication
was the way to go. Why I thought so? I thought:

1) Since such authentication is implemented by experts
in the field there's a much greater chance that their
implementation would be much more secure to attacks
then my own application-managed implementation.

2) The container has much more control in a servlet
environment than a web-app. Therefore if the container
is aware of the user who is making requests rather
than just the web-app, this would be an added security
incentive.

3) Struts tag library provides some neat tags such as
conditional tags based on the logged-in user's
identity and roles, and probably such tags will
flourish even more in the future. These tags support
only container-based authentication (am I right
here?). So if you're using container-managed
authentication you can use these tags, otherwise
you'll have to implement your own.

Do you guys think that three so-called advantages that
I've listed are really valid advantages and is there
any more advantages associated to container-managed
authentication?

Basically I'm asking all these questions because I'm
trying to decide whether I should abandon
container-managed authentication and implement my own.

Thanks,
Mete


__________________________________________________
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes
http://autos.yahoo.com

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>