ServicedComponent Usage. why do Java Enterprise Developers insist on using J2EE? Why not simply uses Servlets and a good business component layer?  [News from the Forest]

Probably because it's easier than thinking, which is pretty much what Mike Cannon-Brookes and Patrick Lightbody concluded in Is EJB Always Necessary?.  Mike posted a good followup at EJB Is Not Always Necessary.  This has been a private crusade of mine the past few days since I discovered these articles, because there's a overall architectural direction at work to use EJB, or in my opinion, to overuse EJB.  Being a veteran of a CORBA distributed disaster, I'm pretty gunshy about using distributed objects now.  I'm a novice with EJB, but the same principles apply over all these types of systems.

Rick Salsa asks What the heck is .NET? and moreover, what does it have that J2EE doesn't? The thing that impressed me most was the HTML GUI component stuff. The fact that a select box automatically used DHTML/HTML/Winforms depending on where it was accessed is _very_ cool. [rebelutionary]

I think WinForms in general is extremely cool; it's like programming VB without being forced to use a crummy language. WinForms is a real applet killer, as if applets needed any help. The runtime supports attributes, which I've decided are a lot like crack; I'm hooked for sure. Attributes enable AOP, in the static sense at least. I think that .NET has a better deployment story and a better security model, in that code signing and versioning of assemblies is integrated really well and is very easy to implement. Incidentally, I think that Rick's comment that the architecture is derivative of Java is misplaced for two reasons: Java didn't invent the intermediate code concept, and .NET's execution model is actually quite a bit different from Java's. And finally, .NET has real cross language possibilities. I don't want to put my language blinders on; Java isn't the best answer to every problem. Are these compelling reasons to tie oneself to a Microsoft platform? If platform independence is a compelling need in itself, no, though there is something of a platform independence story in Rotor, and more compellingly, Mono. But the original article says Microsoft should follow IBM's model. Is this any better for us? Seems to me that by going with WebSphere, you're locking yourself in just as tightly. So let me turn James' question around: Is there anything in WebSphere that's worth being tied to IBM for?

I was working with Greg's authentication samples at work and I discovered a very irritating behavior with IIS on XP Professional. It seems that Digest Authentication is on by default, and the management UI doesn't allow you to shut it off. The problem with this is that the unmanaged authentication mechanisms get first crack at the authentication, and last crack at modifying the headers. So what happens is that when the managed authentication module returns a 401, it appends a header telling the caller that it can handle Basic (or Digest) and completes the request. However, the unmanaged authentication sees the 401 and appends its own header saying that it understands Digest, along with the domain to authenticate against, and also puts this at the front of the list of WWW-Authenticate headers. The caller sees this and attempts to authenticate using Digest on the domain that the unmanaged code specified. The next request hits IIS with the new credentials, but not only do they pertain to the domain that the unmanaged code specifiied, the unmanaged code doesn't know how to authenticate, because the caller's not trying to authenticate against Active Directory (which is the whole point of this excercise).

After some experimentation (and Greg's suggestion), I determined that you can use the IIS ADSI interface to shut off Digest. Here's a little bit of VBScript that does the trick on the root of the site:

 
' Select the virtual directory you want to modify, you'd need to determine the 
' site number if you're running more than 1 site, but that's not supported on XP Pro. 
' append a virtual directory name here to specify only a subdir 

RootNodePath = "IIS://LocalHost/w3svc/1/Root" 

Set oRootNode = GetObject(RootNodePath) 

If Err <> 0 Then 

Display "Couldn't find the path " & RootNodePath & "!" 

WScript.Quit (1) 

End If 

oRootNode.AuthFlags = 1 

' turn off all authentication except Anonymous 

oRootNode.SetInfo 

The AuthFlags argument is a bitmask containing the authentication options for the given object, where 1 = Anonymous, 2 = Basic, 4 = NTLM and 16 = Digest. So this example sets the authentication to Anonymous. AFAICT, IIS doesn't expose a separate property for Digest as it does for the others, so it appears that this is the only way to shut off digest.