
declarative authentication and authorization

 
Raju Sri
Ranch Hand
Posts: 108
Hi ranchers,

I have a doubt regarding authentication and authorization. I understand that Authentication is the process of identifying the person and Authorization is the process of determining whether a user is permitted to access a particular resource that she has requested.

My question is how this applies to declarative security in web.xml.

What does the <security-constraint> element represent in web.xml? Authorization or Authentication?
What does the <login-config> element represent in web.xml? Authorization or Authentication?

I am thinking that <security-constraint> represents Authorization and <login-config> represents Authentication.

Please correct me if I am wrong. I just want to confirm with you guys that my understanding is correct.

Thanks in advance
 
Bert Bates
author
Sheriff
Posts: 8945
Hey Raju -

Your question is at a very high level, and what you said is correct.

The sub-elements of <security-constraint> are pretty complicated, and the SCWCD exam will test you on the details. The <login-config> sub-elements aren't quite as tricky, but you'll have to study those too.
 
S Subramonyan
Ranch Hand
Posts: 52
The <login-config> element specifies the authentication mechanism and <security-constraint> specifies the authorization mechanism. It's pretty easy, if you consider the DTD.

There can be at most one <login-config> element. You can specify the authentication mechanism for the web-app here. But <security-constraint> specifies who can access the <web-resource-collection>. So it's a mechanism for authorization. There can be more than one occurrence of <security-constraint> in a webapp, whereas a maximum of one occurrence can be there for <login-config>.

Hope this helps.
 