This section is designed to help you understand in what circumstances you should decide to use the J2SE/Servlet-based authentication model.
Use the J2SE/Servlet authentication model:
In general, for most new J2SE/Servlet-based web applications.
For existing .war files that you do not wish to modify.
For creating web applications where full J2SE/Servlet compatibility is important either now or in the future.
If you wish to use form-based authentication since form-based authentication is not supported by ACLs.
Remember that even if you use the ACL-based infrastructure you still have the option of using the Native Realm Java realm in order to propagate the user identity so that it is available for the servlet.