3 web.xml (For augmented hotdotcom intranet) (continued)
4.2 Example: Combining Container-Managed and Programmatic Security
Figure 4–1 The employee-pay.jsp page when accessed by a user who is in the employee role.
Figure 4–2 The employee-pay.jsp page when accessed by a user who is in the executive role.
Chapter 4 Programmatic Security
4.3 Handling All Security Programmatically
Declarative security (see Chapter 3) offers a number of advantages to the developer.
Chief among them is the fact that individual servlets and JSP pages need no
security-conscious code: The container (server) handles authentication in a manner
that is completely transparent to the individual resources. For example, you can
change which categories of users should have access to a resource, you can switch
from form-based authentication to BASIC authentication, or from regular HTTP
connections to encrypted HTTPS connections, all without any changes to the individual
servlets or JSP pages. The developer can concentrate on the application logic
and which data to display without worrying about what type of user might end up
seeing the data.
Even when you want a bit more control than just "access allowed" or "access
denied," it is convenient to let the server maintain and process the usernames and
passwords, as discussed in Section 4.1 (Combining Container-Managed and Programmatic
Security).
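The declarative settings described above, shown as a web.xml fragment. This is an added example, not a listing from the book: the role names and employee-pay.jsp come from the figure captions, while the login and error page paths and the realm name are assumed.

```xml
<!-- Added example (not from the book). Login/error page paths and the
     realm name are assumptions; role names are from the figure captions. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Pay information</web-resource-name>
    <url-pattern>/employee-pay.jsp</url-pattern>
  </web-resource-collection>
  <!-- Who may access the page: edit the role list, not the JSP. -->
  <auth-constraint>
    <role-name>employee</role-name>
    <role-name>executive</role-name>
  </auth-constraint>
  <!-- HTTP vs. HTTPS: CONFIDENTIAL makes the container refuse or redirect
       requests that arrive over an unencrypted connection. Use NONE (or
       omit the element) to allow regular HTTP. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Form-based authentication: the container shows the login page and
     checks the submitted username and password itself. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>

<!-- To switch to BASIC authentication, replace the login-config element
     above with the following. No servlet or JSP page changes.
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Intranet</realm-name>
</login-config>
-->

<security-role><role-name>employee</role-name></security-role>
<security-role><role-name>executive</role-name></security-role>
```

BASIC authentication sends the password base64-encoded rather than encrypted on every request, so keep the CONFIDENTIAL transport guarantee in place when switching to it.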