Win a copy of Java EE 8 High Performance this week in the Java/Jakarta EE forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Is security-constraint useful?  RSS feed

Ranch Hand
Posts: 107
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all,
I've been reviewing the umpteen thousand topic/threads on implementing varying types of security within web.xml. At the time I was stuck in "obey, must obey" mode and wasn't truly questioning the worth of some of the things I had begun to implement.
My question is, is usage of security-constraint/login-config merely "a way" to implement webapp security, or are those of you convinced that it is the way. I ask, because I've come across literature that suggests to me that I am going to have to implement authentication logic per page anyway while using MVC... that is, that the attributes within the xml file are merely to limit access via http://hostname/webapp/resource sorts of calls.
If that's the case, and I already have a user db that would have to be configured for a realm (jrun doesn't have the cute JDBCRealm, btw), I am curious as to any wins I would incur by following the specification.
Opinions? Thanks as always...
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!