JSF & Container Security Revisited
Frank and I have been worrying at this issue like a bone for what seems to be at least two years in search of the perfect solution. I had made some progress a while back with my JSP proxy pattern, and although that works for me, some people seemed to have problems with it and it lacked a certain elegance.
Anyhow, Frank revisited the issue and has come up with a much nicer solution which builds on the proxy pattern, using a servlet instead and a JSF PhaseListener to manage the problem of reporting errors back to the JSF page.
It also looks like we've identified a more elegant solution in release 11 of the Application Server, but that's specific to the OC4J container rather than the generic approach Frank has blogged about.
In the slightly longer term it does look like JSR-196 (Java Authentication Service Provider Interface for Containers) may finally provide for a standardization at the API level that will provide a solution which is both elegant and standard. However, the JCP.ORG site seems strangely reluctant to reveal the contents of the proposed final draft.