
Front controller for authentication, filter for authorization

 
Himai Minh
Ranch Hand
On p.652 of Charles Lyon's book:

A web application needs to use programmatic security to protect some of its resources. Which of these patterns would best achieve this goal?
a. front controller
b. intercepting filter
c. MVC
d. business delegate
Answer: A, B
A controller can be used to protect one or two resources and is good for programmatic authentication purposes, while a filter is the most scalable solution to implement programmatic authorization. C is incorrect, we don't necessarily have any need for a view here. D is incorrect, as we aren't using EJB.


Must a controller be used for authentication while a filter is used for authorization?

Can we use a filter for authentication and a controller for authorization? My reason is: when a request is sent, the filter first authenticates the user. After the authentication is done, the controller authorizes the user and dispatches the right resources to the user.
Is this approach possible?
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Is this approach possible?

Yes, and I find that much more logical than the explanation given by the book.

According to CoreJ2EE patterns you can do:

  • Authentication in the InterceptingFilter or in the FrontController.
  • Authorization is positioned in the FrontController only.
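
The split discussed in this thread (authentication in an intercepting filter, authorization in the front controller) could look like the sketch below. It is an added example, not code from the book or from either poster. It assumes the javax.servlet API, a filter and controller both mapped to /app/*, and hypothetical names throughout: the session attributes "user" and "role" (set by the login code after credentials are verified), the commands, the roles and the JSP paths.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.*;

// Added illustration; attribute names, roles and paths are hypothetical.
public class SecurityExample {

    /** Intercepting filter, mapped to /app/* (not to the login page): authentication only. */
    public static class AuthenticationFilter implements Filter {
        @Override public void init(FilterConfig cfg) {}
        @Override public void destroy() {}

        @Override
        public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) rq;
            HttpServletResponse res = (HttpServletResponse) rs;
            HttpSession session = req.getSession(false); // do not create a session here
            if (session == null || session.getAttribute("user") == null) {
                res.sendRedirect(req.getContextPath() + "/login.jsp");
                return; // unauthenticated requests never reach the controller
            }
            chain.doFilter(rq, rs);
        }
    }

    /** Front controller: authorizes the already-authenticated user, then dispatches. */
    public static class FrontController extends HttpServlet {
        // Command (path info) -> role required to run it.
        private static final Map<String, String> REQUIRED_ROLE = Map.of(
                "/orders", "customer",
                "/admin", "admin");

        @Override
        protected void service(HttpServletRequest req, HttpServletResponse res)
                throws IOException, ServletException {
            String command = req.getPathInfo();
            String required = (command == null) ? null : REQUIRED_ROLE.get(command);
            if (required == null) { // deny by default: unknown commands are not dispatched
                res.sendError(HttpServletResponse.SC_NOT_FOUND); return;
            }
            HttpSession session = req.getSession(false);
            Object role = (session == null) ? null : session.getAttribute("role");
            if (!required.equals(role)) { res.sendError(HttpServletResponse.SC_FORBIDDEN); return; }
            req.getRequestDispatcher("/WEB-INF/views" + command + ".jsp").forward(req, res);
        }
    }
}
```

The controller re-reads the session instead of trusting that the filter ran, so a mapping mistake that bypasses the filter results in a 403 rather than an unauthorized dispatch.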