This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Declarative Security + Front Controller Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Declarative Security + Front Controller" Watch "Declarative Security + Front Controller" New topic
Author

Declarative Security + Front Controller

Jared Sprague
Greenhorn

Joined: Jun 16, 2004
Posts: 16
Doesnt the use of the Front Controller design pattern eliminate the possibility of using declarative security? Since with the Front Controller you have one centrailized access servlet into your webapp, all users only request a single web resource, so you cant put constraints on it. Are you forced to use programmatic security if you use a Front Controller?
[ December 13, 2004: Message edited by: Jared Sprague ]
Anthony Watson
Ranch Hand

Joined: Sep 25, 2003
Posts: 327
Using a front controller does not prevent you from using declarative security. Your front controller needs a way to determine which object to delegate the request processing to. This is generally based on the URL in some form or another. You can then apply declarative security to the URL. As one example, lets say you had two request processing classes, ClassA and ClassB. You could set it up so that the controller delegates a client's request to ClassA if the URL looks like the following - http://myServer/myApp/myController/ClassA

Using this approach, you can set up your declarative security like so:

[ December 13, 2004: Message edited by: Anthony Watson ]

Anthony W.<br />MCP, SCJP 1.4, SCJD, SCWCD 1.3, SCWCD 1.4, SCBCD
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Declarative Security + Front Controller
 
Similar Threads
Tomcat JSP URL Mapping
Swing Client Vs Web application -- authentication ..
passed part II/III with 93
Declarative Security and MVC
JSP security