declarative authentication and authorization

 
Raju Sri
Ranch Hand
Posts: 108
Hi ranchers,

I have a doubt regarding authentication and authorization. I understand that authentication is the process of identifying the person, and authorization is the process of determining whether a user is permitted to access a particular resource that she has requested.

My question is how this applies to declarative security in web.xml.

What does the <security-constraint> element represent in web.xml? Authorization or authentication?
What does the <login-config> element represent in web.xml? Authorization or authentication?

I am thinking that <security-constraint> represents authorization and <login-config> represents authentication.

Please correct me if I am wrong. I just want to confirm with you guys that my understanding is correct.

Thanks in advance
 
Bert Bates
author
Sheriff
Posts: 8905
Hey Raju -

Your question is at a very high level, and what you said is correct.

The sub-elements of <security-constraint> are pretty complicated, and the SCWCD exam will test you on the details. The <login-config> sub-elements aren't quite as tricky, but you'll have to study those too.
 
S Subramonyan
Ranch Hand
Posts: 52
The <login-config> element specifies the authentication mechanism and <security-constraint> specifies the authorization mechanism. It's pretty easy, if you consider the DTD.

There can be at most one <login-config> element. You can specify the authentication mechanism for the web-app here. But <security-constraint> specifies who can access the <web-resource-collection>. So it's a mechanism for authorization. There can be more than one occurrence of <security-constraint> in a webapp, whereas a maximum of one occurrence can be there for <login-config>.

Hope this helps.
 