Doesn't the use of the Front Controller design pattern eliminate the possibility of using declarative security? Since with the Front Controller you have one centralized access servlet into your webapp, all users only request a single web resource, so you can't put constraints on it. Are you forced to use programmatic security if you use a Front Controller? [ December 13, 2004: Message edited by: Jared Sprague ]
Using a front controller does not prevent you from using declarative security. Your front controller needs a way to determine which object to delegate the request processing to. This is generally based on the URL in some form or another. You can then apply declarative security to the URL. As one example, let's say you had two request processing classes, ClassA and ClassB. You could set it up so that the controller delegates a client's request to ClassA if the URL looks like the following - http://myServer/myApp/myController/ClassA
Using this approach, you can set up your declarative security like so:
[ December 13, 2004: Message edited by: Anthony Watson ]
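An added example, not the poster's original listing: a `web.xml` sketch of the approach described above, with one front controller mapped to `/myController/*` and a separate constraint per delegated URL. The servlet class name, the role names `roleA` and `roleB`, the ClassB URL (assumed to mirror the ClassA one) and the BASIC login method are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <!-- One front controller receives every request under /myController/ -->
  <servlet>
    <servlet-name>myController</servlet-name>
    <!-- hypothetical class name -->
    <servlet-class>com.example.FrontController</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>myController</servlet-name>
    <url-pattern>/myController/*</url-pattern>
  </servlet-mapping>

  <!-- Constraints match the request URL, not the servlet that serves it,
       so each delegated path can carry its own role requirement. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ClassA requests</web-resource-name>
      <url-pattern>/myController/ClassA/*</url-pattern>
      <!-- No http-method elements: the constraint covers every method.
           Listing only GET and POST would leave other methods open. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>roleA</role-name> <!-- hypothetical role -->
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ClassB requests</web-resource-name>
      <url-pattern>/myController/ClassB/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>roleB</role-name> <!-- hypothetical role -->
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method> <!-- assumed for the example -->
  </login-config>
  <security-role><role-name>roleA</role-name></security-role>
  <security-role><role-name>roleB</role-name></security-role>
</web-app>
```

The container evaluates these constraints only against the incoming request URL, not against later `RequestDispatcher` forwards or includes, so the controller must pick its delegate from the same URL path the constraint matched rather than from a request parameter. Paths under `/myController/` that match no constraint are reachable without authentication.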