Too Complicated
kurt_olsen Nov 14, 2001 5:59 AM
Hi everybody.
I'm a senior developer and after at least 4 readings of the JAAS security section of the manuals (I bought it) I still can't put all of this together in my head.
This is probably because I must do this kind of thing after midnight, after work, after the family goes to bed.
This is not supposed to be hard. As a web-app developer I need a very clear (no explanations of mechanics at all) guide that gets me set up to do the following from the web-client. Assume that I have EJBs that are xml'd for roles etc. that I need to access from a web client.
I actually don't think I should need a guide to do this and that the server should be pre-configured for me...in any case here's all a web developer needs to start with.
1. https access to the server for the login page so that passwords aren't transmitted in the clear and credit card info isn't easily snatched.
2. To be able to edit the web.xml in the .war file to use form based auth.
3. Instructions on how to allow both the web-client (using Tomcat) and the server tier to use database based authentication. Most web-sites will have some kind of 'signup' and account editing features. The signup has to add to the security database so that it forms a starting point for the 'account' which I will create.
It's too hard, people. I can't get it all running. I'm tired, grouchy and irritated. I want to write web-apps that are for-real, and e-commercable quickly. I hate screwing around with the equivalent of ms-dos 3.1.
You may think I'm being overly harsh. Maybe I am, but you've gotta understand that I MUST focus on results fast or I will NOT be able to turn a profit on this technology. I live in Hawaii. We're taking a big hit in the travel industry (which still provides most of the work around here) and I need to be able to deploy ecommercable webapps FAST.
Technology is great. J2ee is cool. JBoss is outstanding. But I need, and feel that your success will truly rise when developers don't have to be JBoss experts in order to get the full capability suite up-n-running.
Regarding my 'ms-dos 3.1' comment. I started programming on an RCA COSMAC VIP before the Apple II. I've been programming 12 hours a day non-stop since then. I've seen and programmed most everything. When I strip away the marketing clamor and bullshit I still see a console window spewing tons-o-stuff (yours, WebLogic's, iPlanet's, everybody's j2 stuff), fight classpath, fight xml configs, properties, DTDs, TLDs and don't yet have a development tool that can fully deal with jsp pages worth a damn. I'm not bitching per se because I know this technology is still in its teenage years and isn't mature. I hope I'm still programming when it is.
Argh....what is the simplest path to the goal of getting a form-based auth'd https'd web-client that can access my ejb's without requiring 40 hours of 'overhead' that I have to eat the cost on?
G'night.
I could sure use some help with a quick-start guide.
I'll write it if somebody could explain what has to be done without telling me WHY it has to be done. I don't care.