• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
  • Mikalai Zaikin

Programmatic vs Declarative Security

Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't understand if declarative is better than programmatic security.
The HFJS says that! I used the declarative approach with struts that if I remember use container security.. but I used also some programmatic s. with Acegi&Spring and I think that's better.
The book is quite old.. so today, if you have to choose, is programmatic security a better way then declarative?
Posts: 43081
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It's not possible to make blanket statements that say one is better than the other, not in the past, and not now. Both approaches have advantages and drawbacks.

Declarative (or container) security lets you keep just about all handling of users and roles out of the code, using just Servlet API methods. Thus the code remains completely portable, and everything can be configured outside of the code.

Programmatic security has the advantage of being more flexible. In some cases it is not possible to map user roles to URLs, at least not without looking at URL parameters (which declarative security can't do).

In general, the larger a system is, the more likely it is that you'll run into something that declarative security can't handle, or where you'll need to use a more advanced API like JAAS.
Don't get me started about those stupid light bulbs.
    Bookmark Topic Watch Topic
  • New Topic