Front controller for authentication, filter for authorization

 
Bartender
On p.652 of Charles Lyon's book:


A web application needs to use programmatic security to protect some of its resources. Which of these patterns would best achieve this goal?
a. front controller
b. intercepting filter
c. MVC
d. business delegate
Answer: A, B
A controller can be used to protect one or two resources and is good for programmatic authentication purpose while a filter is the most scalable solution to implement programmatic authorization. C is incorrect, we don't necessarily have any need for a view here. D is incorrect, as we aren't using EJB.



Must a controller be used for authentication while a filter is used for authorization?

Can we use a filter for authentication and a controller for authorization? My reason is: when a request is sent, the filter first authenticates the user. After the authentication is done, the controller authorizes the user and dispatches the right resources to the user.
Is this approach possible?
 
Creator of Enthuware JWS+ V6

Is this approach possible?


Yes, and I find that much more logical than the explanation given by the book.

According to Core J2EE Patterns you can do:

  • Authentication in the InterceptingFilter or in the FrontController.
  • Authorization is positioned in the FrontController only.
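
The arrangement discussed in this thread (the filter authenticates, the front controller authorizes and dispatches), shown with the javax.servlet API as an added example that is not code from the book or from either poster. The `/app/*` mapping, `/login.jsp`, the `user` and `roles` session attributes, the action-to-role table and the `/WEB-INF/views` layout are all assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Intercepting filter, mapped to /app/* (assumed): authentication only.
class AuthenticationFilter implements Filter {
    public void init(FilterConfig cfg) {}
    public void destroy() {}
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpSession session = req.getSession(false); // do not create a session for anonymous callers
        if (session == null || session.getAttribute("user") == null) {
            // Hypothetical login page, mapped outside /app/* so it is reachable unauthenticated.
            ((HttpServletResponse) rs).sendRedirect(req.getContextPath() + "/login.jsp");
            return; // fail closed: the chain, and so the controller, is never invoked
        }
        chain.doFilter(rq, rs);
    }
}

// Front controller servlet, mapped to /app/* (assumed): authorization, then dispatch.
class FrontController extends HttpServlet {
    // Hypothetical action -> required role table; anything not listed is refused.
    private static final Map<String, String> REQUIRED_ROLE =
            Map.of("/orders", "customer", "/admin/users", "admin");
    @Override
    @SuppressWarnings("unchecked")
    protected void service(HttpServletRequest req, HttpServletResponse res)
            throws IOException, ServletException {
        String action = req.getPathInfo();
        String needed = (action == null) ? null : REQUIRED_ROLE.get(action);
        if (needed == null) {
            res.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // "roles" is assumed to be a Set<String> stored in the session at login.
        HttpSession session = req.getSession(false);
        Set<String> roles = (session == null) ? null : (Set<String>) session.getAttribute("roles");
        if (roles == null || !roles.contains(needed)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN); // authenticated but not allowed
            return;
        }
        // View path comes only from a REQUIRED_ROLE key; /WEB-INF blocks direct requests.
        req.getRequestDispatcher("/WEB-INF/views" + action + ".jsp").forward(req, res);
    }
}
```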