Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Is security-constraint useful?

 
Matt Horton
Ranch Hand
Posts: 107
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all,
I've been reviewing the umpteen thousand topic/threads on implementing varying types of security within web.xml. At the time I was stuck in "obey, must obey" mode and wasn't truly questioning the worth of some of the things I had begun to implement.
My question is, is usage of security-constraint/login-config merely "a way" to implement webapp security, or are those of you convinced that it is the way. I ask, because I've come across literature that suggests to me that I am going to have to implement authentication logic per page anyway while using MVC... that is, that the attributes within the xml file are merely to limit access via http://hostname/webapp/resource sorts of calls.
If that's the case, and I already have a user db that would have to be configured for a realm (jrun doesn't have the cute JDBCRealm, btw), I am curious as to any wins I would incur by following the specification.
Opinions? Thanks as always...
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic