
Front controller for authentication, filter for authorization

 
Himai Minh
Ranch Hand
Posts: 1400
On p.652 of Charles Lyon's book:

A web application needs to use programmatic security to protect some of its resources. Which of these patterns would best achieve this goal?
a. front controller
b. intercepting filter
c. MVC
d. business delegate
Answer: A, B
A controller can be used to protect one or two resources and is good for programmatic authentication purpose while a filter is the most scalable solution to implement programmatic authorization. C is incorrect, we don't necessarily have any need for a view here. D is incorrect, as we aren't using EJB.


Must a controller be used for authentication while a filter is used for authorization?

Can we use a filter for authentication and a controller for authorization? My reason is: when a request is sent, the filter first authenticates the user. After the authentication is done, the controller authorizes the user and dispatches the right resources to the user.
Is this approach possible?
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Posts: 2781
Is this approach possible?

Yes, and I find that much more logical than the explanation given by the book.

According to CoreJ2EE patterns you can do:

  • Authentication in the InterceptingFilter or in the FrontController.
  • Authorization is positioned in the FrontController only.
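
The arrangement discussed in this thread (authentication in an intercepting filter, authorization in the front controller), sketched as an added example that is not from the book or from either poster. It uses the javax.servlet API; the `/app/*` mapping, the session attributes `user` and `roles`, the sample actions and the view path are assumptions.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
// One file for brevity; register both nested classes in web.xml on /app/* (assumed mapping).
public class SecurityPipeline {
    /** Intercepting filter: authentication only. Runs before the controller. */
    public static class AuthenticationFilter implements Filter {
        public void init(FilterConfig cfg) {}
        public void destroy() {}
        public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
                throws IOException, ServletException {
            HttpSession session = ((HttpServletRequest) rq).getSession(false); // do not create one
            // "user" is an assumed attribute, set by the login handler after a successful login
            if (session == null || session.getAttribute("user") == null) {
                ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return; // chain stops here, the controller never sees the request
            }
            chain.doFilter(rq, rs);
        }
    }

    /** Front controller: authorization per action, then dispatch. */
    public static class FrontController extends HttpServlet {
        // Constructed sample policy: action -> role required to invoke it
        private static final Map<String, String> REQUIRED_ROLE = new HashMap<String, String>();
        static {
            REQUIRED_ROLE.put("/report", "user");
            REQUIRED_ROLE.put("/admin", "admin");
        }
        @Override
        protected void service(HttpServletRequest req, HttpServletResponse res)
                throws IOException, ServletException {
            String action = req.getPathInfo();
            String role = REQUIRED_ROLE.get(action);
            if (role == null) { // unknown action: deny by default
                res.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            HttpSession session = req.getSession(false);
            Object roles = session == null ? null : session.getAttribute("roles"); // assumed Set<String>
            if (!(roles instanceof Set) || !((Set<?>) roles).contains(role)) {
                res.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            // action is a key of REQUIRED_ROLE here, so the view path is not caller-chosen
            req.getRequestDispatcher("/WEB-INF/views" + action + ".jsp").forward(req, res);
        }
    }
}
```

The controller re-checks the session instead of trusting that the filter ran, so a missing or mis-mapped filter entry in web.xml results in a 403 rather than an unauthenticated dispatch.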