Solved

Security Model

Posted on 2004-04-14
3
257 Views
Last Modified: 2010-04-01
Within a JSP website, what are the best/common ways of enforcing a security model across the application. i.e. Having a secure log in and from that log in securly maintaining the users session, so that outside user cannot interfere, and  that the user is restricted to the specfic operations they are allowed to do.
0
Comment
Question by:danBosh
3 Comments
 
LVL 7

Expert Comment

by:searlas
ID: 10821850
Security is configured in the web.xml file of the web application.  Specifically, look for information about security-constraint, login-config and security-role.

A few things to read:

How can you prevent users from accessing a JSP directly that is designed to be used from an Action?
http://www.jguru.com/faq/view.jsp?EID=471953

Basic Authenitcation
http://edocs.bea.com/workshop/docs81/doc/en/workshop/guide/security/authentication/conBasicAuthentication.html

Security in the Web-Tier
http://java.sun.com/webservices/docs/1.3/tutorial/doc/Security2.html


0
 

Author Comment

by:danBosh
ID: 10822005
thaks but these seem to be reguarding system securit, i was more interested in application secuity
0
 
LVL 4

Accepted Solution

by:
john-at-7fff earned 50 total points
ID: 10827475
Actually that last URL (Security in the Web-Tier) is probably what you want. If you use Basic Authentication, there is usually a means -- depending on your server -- to put a list of users and roles in your web app (as XML files in your War). Then programmatically, you can write code like if (request.isUserInRole(String)) { do something . . . .}. Using basic auth, you're getting the most help from the container. One nice thing about this strategy is that many servers offer means to connect this kind of authentication to, say, an LDAP server so that you can start with your own list of users and roles, and then someday tie it into your corporate user/password database.

If you want to implement role-based security yourself, the classic means is to create a session attribute that contains some information about the user; then at the top of every page, you check the value of that session variable. Similarly, you could log information at this point.

An increasingly common strategy for developers who want to do their own security is to write an authentication filter. This is a Java object that sits "in front of" all of the requests into your application -- so you can do something "interesting" before every page is displayed (such as log the activity) or terminate that user's request and send her to an error page. See, e.g., http://java.sun.com/blueprints/corej2eepatterns/Patterns/InterceptingFilter.html

Really, though, you might want to describe exactly what you're looking for.

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
spring AOP 6 79
Fisheye tool 2 104
countXY challenge 28 146
Why my table column Id is not passed to java object? 4 25
Some code to ensure data integrity when using macros within Excel. Also included code that helps secure your data within an Excel workbook.
An analysis of the phishing scam that has been affecting Google users, along with steps to take for protection, as well as what to do if you receive one of the emails.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now