authentication in shared tomcat?

I am using godaddy for my java hosting using shared tomcat package. Now as it it shared i cant go with jaas. So how do other jsp websites authenticate and authorize users for their site if they can not implement jaas? Do they handle all the mechanism themselves or is th开发者_高级运维eir some other better mechanism?

Thanks in advance.

You will need to handle security within your application. Spring Security and Apache Shiro are the logical choices; both can be simply mounted as filters in your web.xml and also have AOP support. Spring Security in particular has reached a level of maturity where many people use it as an alternative to container security, even when there are no impediments like the one you have encountered.