File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Declarative Security + Front Controller Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Declarative Security + Front Controller" Watch "Declarative Security + Front Controller" New topic

Declarative Security + Front Controller

Jared Sprague

Joined: Jun 16, 2004
Posts: 16
Doesnt the use of the Front Controller design pattern eliminate the possibility of using declarative security? Since with the Front Controller you have one centrailized access servlet into your webapp, all users only request a single web resource, so you cant put constraints on it. Are you forced to use programmatic security if you use a Front Controller?
[ December 13, 2004: Message edited by: Jared Sprague ]
Anthony Watson
Ranch Hand

Joined: Sep 25, 2003
Posts: 327
Using a front controller does not prevent you from using declarative security. Your front controller needs a way to determine which object to delegate the request processing to. This is generally based on the URL in some form or another. You can then apply declarative security to the URL. As one example, lets say you had two request processing classes, ClassA and ClassB. You could set it up so that the controller delegates a client's request to ClassA if the URL looks like the following - http://myServer/myApp/myController/ClassA

Using this approach, you can set up your declarative security like so:

[ December 13, 2004: Message edited by: Anthony Watson ]

Anthony W.<br />MCP, SCJP 1.4, SCJD, SCWCD 1.3, SCWCD 1.4, SCBCD
subject: Declarative Security + Front Controller
It's not a secret anymore!