You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@turbine.apache.org by ra...@apache.org on 2001/03/22 17:51:27 UTC

cvs commit: jakarta-turbine/xdocs j2ee-integration.xml

rafal       01/03/22 08:51:26

  Modified:    xdocs    j2ee-integration.xml
  Log:
  added a note about container managed security
  
  Revision  Changes    Path
  1.2       +37 -0     jakarta-turbine/xdocs/j2ee-integration.xml
  
  Index: j2ee-integration.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-turbine/xdocs/j2ee-integration.xml,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- j2ee-integration.xml	2001/03/21 17:49:14	1.1
  +++ j2ee-integration.xml	2001/03/22 16:51:24	1.2
  @@ -128,6 +128,43 @@
   security your application requires.
   </p>
   
  +<p><strong>How does Turbine work with ... container manged security?</strong></p>
  +
  +<p>
  +You can use container managed security if you wish, and Turbine provides you with
  +mechanism for application manged security, in case you need them.
  +</p>
  +
  +<p>
  +The main problem with container managed security is that it cannot be managed
  +from the inside of the application. Whenever you want to add/remove users to
  +your application (or suite of them) or want to modify user's roles, you need
  +to use whatever tool your application server provides for that.
  +</p>
  +
  +<p>
  +Now, this could work just fine for closed-public applications and intranets,
  +but would be really unacceptable on open-public sites, where the users need
  +the ability to register and receive 'accounts' without human interaction.
  +</p>
  +
  +<p>
  +Currently Turbine supports the latter model - application managed security.
  +This is because if it didn't have it, many people would have to write code
  +to provide it. That's why we created SecurityService in a cooperative effort.
  +</p>
  +
  +<p>
  +On the other hand, you don't need to write any code to use declarative
  +container managed security. You can restrict access to the Turbine
  +servlet with the usual web.xml magic. If you wish to use programmatic 
  +container managed security code, there is relatively very little code to write.
  +You need to create your own SecureScreens (probably extending VelocityScreen)
  +and SecureActions that contained code that calls the <code>HttpServletRequest 
  +getUserPrincipal</code> and <code>isUserInRole</code> methods.
  +above.
  +</p>
  +
   </section>
   
   </body>
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-dev-help@jakarta.apache.org