× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



> From: Larry Schweyer
> 
> Securing Web pages and servlets in WebSphere Application Server is a
wee
> bit more complicated than protecting pages in HTTP.

Just as a quick counterpoint - the J2EE security model is not the only
way to go.  It really depends on your application architecture.

The J2EE architecture has two pieces: authentication and access.
Authentication is just verifying whether you are who you say you are.
That's the role of LDAP or its brethren (and my guess is that single
singon comes into play here as well).

The access portion of security is similar in many ways to the
old-fashioned green-screen menu type of security, where a user is
authenticated to various application functions.  Whereas we had a
database file with user IDs and authorization, in J2EE, this happens to
be through roles defined in XML files.

Where your access authorization is defined really depends on where your
application controller resides.  If your architecture is highly
RPG-centric (that is, your business logic is encapsulated in RPG server
programs) then a perfectly acceptable alternative is to have the control
logic in your RPG code.

In this architecture, the form data from the browser is basically sent
down to an RPG program, which then determines the next page to display.
In this model, the controller job is an RPG program submitted under the
appropriate OS/400 user profile, and security is handled the way you
would handle any other sort of security.

I'm not saying one technique is better than the other, all I'm saying is
that you don't necessarily have to bother with the access side of J2EE
security if you don't want to.

Joe


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.