This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Is security-constraint useful? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Is security-constraint useful?" Watch "Is security-constraint useful?" New topic
Author

Is security-constraint useful?

Matt Horton
Ranch Hand

Joined: Feb 06, 2002
Posts: 107
Hello all,
I've been reviewing the umpteen thousand topic/threads on implementing varying types of security within web.xml. At the time I was stuck in "obey, must obey" mode and wasn't truly questioning the worth of some of the things I had begun to implement.
My question is, is usage of security-constraint/login-config merely "a way" to implement webapp security, or are those of you convinced that it is the way. I ask, because I've come across literature that suggests to me that I am going to have to implement authentication logic per page anyway while using MVC... that is, that the attributes within the xml file are merely to limit access via http://hostname/webapp/resource sorts of calls.
If that's the case, and I already have a user db that would have to be configured for a realm (jrun doesn't have the cute JDBCRealm, btw), I am curious as to any wins I would incur by following the specification.
Opinions? Thanks as always...
 
jQuery in Action, 2nd edition
 
subject: Is security-constraint useful?
 
Similar Threads
problem regarding empty auth-constraint tag
Some brain-storming questions in security
Weblogic security - ajax web service
Declarative security in Struts2
Few guesses about security