From: maxcooper Date: Thu, 15 Aug 2002 07:51:33 +0000 (+0000) Subject: expanded description and advantages of the package, added nav links X-Git-Tag: REL-1_0_b2~2 X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=4f25c3808b7a1630fe3e039e5c031123eef7e678;p=securityfilter.git expanded description and advantages of the package, added nav links --- diff --git a/doc/index.html b/doc/index.html index fb13cf8..15368ea 100644 --- a/doc/index.html +++ b/doc/index.html @@ -5,20 +5,88 @@ + + + +

The SecurityFilter Project Home Page

-SecurityFilter is a Java Servlet Filter that mimics container-based security. It looks just like container-based security to your app, as you can call request.getRemoteUser(), equest.isUserInRole(), and request.getUserPrincipal() and get valid responses. However, it can be deployed within your web app, so you do not need to set the realm in the server configuration, or put any classes in the server classpath. The realm interface for SecurityFilter is proprietary, but it is very simple (2 methods) and should be easy to implement for your project. The other main advantage over container-based security is that users can submit a login form without being forced to the login page by the security mechanism. +SecurityFilter is a Java Servlet Filter that mimics container managed security. It looks just like container managed security to your app, as you can call request.getRemoteUser(), equest.isUserInRole(), and request.getUserPrincipal() and get valid responses. The Security Filter configuration file follows the web.xml standard, which makes it easy to switch to Security Filter from container managed security, or switch back as your requirements or deployment environment details change. + +

Intended Audience:

+ +SecurityFilter is intended for use by Java web application developers. It provides robust security and automatic authentication services for web applications. It has several important advantages over container managed security that make it an ideal solution for single-context, public web sites, or when it is necessary or simply desirable to avoid the server configuration hassles and portability issues associated with container managed security. + +

Advantages of SecuirtyFilter over Container Managed Security:

Downloads: Security Filter File List
Information: Security Filter Project Summary
Security Filter is intended to be packaged within your web app, including your realm implementation and supporting classes. This allows you to deploy you app as a single, deployable unit (war file or expanded war directory structure) with no additional configuration of the server environment. This is in contrast to container managed security in which the realm must be added to the server's classpath (including any supporting classes) and configured in the server.
Security Filter supports "unsolicited" login requests, and will send the user to a destination you have configured upon successful authentication. This allows you to have a login form on every page, or simply link directly to your login form to authenticate users. With container managed security, the container will not process login requests unless the container itself has initiated the authentication sequence (i.e. sent the user to the login form) in response to a request for a protected resource, which makes it impossible to have a login form on every page and complicates implementation of a link to the login form.
Each server has its own realm interface, so your realm implementation will not be portable across different servers. Security Filter has a small, simple realm interface that is portable across different servers (because it is proprietary to Security Filter rather than the server implementation). Security Filter also supports adapter classes to adapt a proprietary realm implementation from any server to the Security Filter realm interface, which will get you up and running quickly and makes your realm portable across different server implementations. A Tomcat/Catalina realm adapter is included in the package now, adapters for other realm implementations are planned, and it is easy to implement your own adapter by following the Catalina realm adapter as an example.

Current Requirements & Limitations of SecurityFilter:

+ +

SecirityFilter requires a Servlet 2.3 compliant server environment. This includes Tomcat 4+, WebLogic 6.1+, and many other servers. Consult your server documentation to check for Servlet 2.3 support.
SecurityFilter only supports FORM based authentication. This is the most popular type of login configuration as it supports an application-specific login form page.
<user-data-constraint> elements are allowed in the SecurityFilter configuration file, but they are not currently supported. <user-data-constraint> elements are used to indicate what web resources are to be accessed only via HTTPS. Support for these constraints is expected to be available soon.
When SecurityFilter is used, a user's Principal will not automatically be propagated to EJB calls. Supporting EJBs with SecurityFilter is currently under investigation, but it is not a currently supported environment.
Single Sign-On among several web application contexts is not currently supported. We are investigating possible solutions for this configuration.

This project is hosted by:

+ + +