Damn! My phone, the Sony-Ericsson, just got a whole lot cheaper (I paid $180). From Gizmodo:
Sony Ericsson's T68i cellphone, which has a color screen, Bluetooth, and uses GPRS for surfing the Web and sending emails, text messages, and multimedia messages, is just $24.99 with new service activation over at Amazon.
If you're in the market for a new phone, I highly recommend this one - even for the $180 I paid. It's nice to use iSync and have all my contacts synchronized with no wires. It's also great for checking my e-mail (IMAP or POP), and I can even use Yahoo Messenger on it! My favorite feature though is the ability to find the closest movie times or restaurants - I just have to tell it to auto-locate me. I think most of these features are mMode features though, not just for the phone.
Erik Hatcher has convinced me that I need to give more coverage to JAAS in my chapter on Security. To quote his comment from yesterday's JAAS post:
I think you are underestimating the value of JAAS a fair bit. Suppose you want to authenticate your users against a database table of users/passwords. Without JAAS this is container-specific (sure it works nice in Tomcat, but would you be able to do FORM authentication in WebSphere easily?). We use JAAS in the big application I'm developing and it gives us the freedom to more easily port our application to other containers. What if your application needed to authenticate users (suppose for a portal, not that far fetched, eh?) where each "portlet" had a different authentication scheme: LDAP, Windows NT, database, etc. JAAS is the way to go.
While I can see Erik's point, I think that if the app servers follow the Servlet spec, implementing form-based authentication on any J2EE-compliant server should be easy. After all, Tomcat is the Reference Implementation. At the same time, the bit about the portlets is a whole other can of worms - I can see what he's getting at, and I guess I need to figure out an easy way to demonstrate using JAAS. From what I understand, you do have to call the authenticate() in a servlet or filter. Hopefully, I can use a little Ant/XDoclet magic to create a sample that can switch between form-based, container-managed authentication and JAAS. Tell me what you think of this idea:
- Use Ant and a task that runs if ${enable.jaas} is true
- This task (i.e. jaas) will add a JAAS policy file to the webapp, maybe in the WEB-INF/classes directory so it's in the classpath
- The jaas task will do some token replacement in login.jsp to change the form's action from j_security_check to something else. Ideally, I wouldn't have to do this.
- The webdoclet task will not merge the web-security.xml file into web.xml
- The ActionFilter, which I currently use to retrieve the user's information, will call the authenticate method and route appropriately if JAAS is enabled.
One thing I really like about form-based authentication (besides the ease of setup and no required programming) is that it allows users to bookmark pages in your app. When they select that bookmark again after logging out, they are prompted for a login and routed to the bookmark upon successful authentication. I hope JAAS can do this too.