Pro JSP 2 pp 469-513

Security in Web Applications


We hope we’ve convinced you that security is pretty easy to add to a web application. It offers many benefits after it’s been added: customization based on role, an auditing log, and password encryption. In our experience, using container-managed security has made our development existence more enjoyable. We’ve done it programmatically by using LDAP and lots of application logic to show or hide links and to allow or deny access to pages. Even though it worked, and it worked well, it took much longer to program initially, and it was quite a nuisance to maintain. On the other hand, if you already have an authentication and authorization framework that offers you all the same benefits, you should, by all means, use it, and if it’s portable and works well, share it!

Our biggest issues with container-managed security have been related to the servlet container’s implementation of the Servlet specification. We recommend testing your application on Tomcat if you’re experiencing problems with configuring security. If your application works on Tomcat, your container might have some problems, and it’s time to do some research or write a workaround, or even to move to a different container (if that’s an option). Developing on Tomcat can be a great time-saver!





Copyright information

© Simon Brown, Sam Dalton, Daniel Jepp, Dave Johnson, Sing Li, and Matt Raible 2005
