Summary
We hope we’ve convinced you that security is relatively easy to add to a web application, and that it offers many benefits once it is in place: customization based on role, an auditing log, and password encryption. In our experience, using container-managed security has made our development lives more enjoyable. We have previously done it programmatically, using LDAP and a great deal of application logic to show or hide links and to allow or deny access to pages. Although that approach worked, and worked well, it took much longer to program initially and was quite a nuisance to maintain. On the other hand, if you already have an authentication and authorization framework that offers you all the same benefits, you should, by all means, use it, and if it’s portable and works well, share it!
Our biggest issues with container-managed security have been related to the servlet container’s implementation of the Servlet specification. If you’re experiencing problems configuring security, we recommend testing your application on Tomcat. If it works on Tomcat, your container may have some problems of its own, and it’s time to do some research, write a workaround, or even move to a different container (if that’s an option). Developing on Tomcat can be a great time-saver!
Copyright information
© 2005 Simon Brown, Sam Dalton, Daniel Jepp, Dave Johnson, Sing Li, and Matt Raible
Cite this chapter
(2005). Security in Web Applications. In: Mukhar, K. (eds) Pro JSP 2. A-Press. https://doi.org/10.1007/978-1-4302-0111-3_12
DOI: https://doi.org/10.1007/978-1-4302-0111-3_12
Publisher Name: A-Press
Print ISBN: 978-1-59059-513-8
Online ISBN: 978-1-4302-0111-3