Section 9.2. Web-Based Security
9.2. Web-Based SecurityTo secure the web site, we need to do the following:
9.2.1. Protecting the Administrative PagesJ2EE provides Declarative Security, so rather than writing code to protect our resources, we can accomplish this through URL patterns and deployment descriptors. If you'll recall, the Car Inventory page (carList.jsp), as shown in Figure 9-1, enables you to view and modify the JAW Motors inventory. Figure 9-1. JAW Motors Car Inventory page We also must protect the Add/Edit Car page (carForm.jspyou see this page when you press the "Add Car" or "Edit" link on the Car Inventory page) (Figure 9-2). Figure 9-2. JAW Motors Add/Edit Car page We first move carList.jsp and carForm.jsp to a sub-directory under WEB-INF (in the WAR file) called admin to differentiate these protected pages from the public pages. Now our pages in the WAR file look like this:
To access these pages, you would now use this URL as a prefix: http://localhost:8080/ch09/admin/ But we still need to restrict access to the administrative pages by creating security roles and associating them with these URL patterns in web.xml. |
EAN: 2147483647
Pages: 197
- The Four Keys to Lean Six Sigma
- Key #4: Base Decisions on Data and Facts
- Making Improvements That Last: An Illustrated Guide to DMAIC and the Lean Six Sigma Toolkit
- The Experience of Making Improvements: What Its Like to Work on Lean Six Sigma Projects
- Six Things Managers Must Do: How to Support Lean Six Sigma