This week's book giveaway is in the Mac OS forum.
We're giving away four copies of a choice of "Take Control of Upgrading to Yosemite" or "Take Control of Automating Your Mac" and have Joe Kissell on-line!
See this thread for details.
The moose likes Servlets and the fly likes Is security-constraint useful? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Servlets
Bookmark "Is security-constraint useful?" Watch "Is security-constraint useful?" New topic
Author

Is security-constraint useful?

Matt Horton
Ranch Hand

Joined: Feb 06, 2002
Posts: 107
Hello all,
I've been reviewing the umpteen thousand topic/threads on implementing varying types of security within web.xml. At the time I was stuck in "obey, must obey" mode and wasn't truly questioning the worth of some of the things I had begun to implement.
My question is, is usage of security-constraint/login-config merely "a way" to implement webapp security, or are those of you convinced that it is the way. I ask, because I've come across literature that suggests to me that I am going to have to implement authentication logic per page anyway while using MVC... that is, that the attributes within the xml file are merely to limit access via http://hostname/webapp/resource sorts of calls.
If that's the case, and I already have a user db that would have to be configured for a realm (jrun doesn't have the cute JDBCRealm, btw), I am curious as to any wins I would incur by following the specification.
Opinions? Thanks as always...
 
GeeCON Prague 2014
 
subject: Is security-constraint useful?