Head First Servlets and JSP, 2nd Edition by Bert Bates, Bryan Basham, Kathy Sierra

How did the Container do that?

You just got an overview of how the Container handles authentication and authorization. But what was going on inside the Container that made all that happen? Let’s speculate a little on what was going on behind the scenes, deep down in the heart of the Container...

Things the Container did:

  1. Performed a lookup on the resource being requested

    We already know that the Container is really good at finding resources. But now, once it finds the resource, it has to determine whether it’s a resource that anyone can view, or whether the resource has security constraints. Does the servlet itself have some sort of security flag? Is there a table somewhere?

  2. Performed some authentication

    Once the Container determines that it’s dealing with a secured resource, it has to authenticate the client. In other words, to find out if “Bob” really is Bob. (The most common way is to see if Bob knows his own password.)

  3. Performed some authorization

    Once the Container determines that it is the real Bob asking for this resource, the Container has to see whether Bob is allowed access to that resource. Let’s see, if we have 2,000,000 users, and 100 servlets in our webapp, we could throw together a little table with 200,000,000 cells...

    Whoa! This could get out of hand in a hurry if we’re not careful.
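The three checks above as a toy model, added here as an illustration and not code from the book or from any real Container. The resource paths, user names, passwords and the outcome names (borrowed from the HTTP 401 and 403 status codes) are constructed assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Set;

public class ContainerSketch {
    enum Outcome { SERVED, UNAUTHORIZED_401, FORBIDDEN_403 }

    // Step 1 data (constructed): resources that carry a security constraint.
    static final Set<String> CONSTRAINED = Set.of("/UpdateRecipes");
    // Step 2 data (constructed): stand-in credential store. A real store keeps
    // salted password hashes, never the passwords themselves.
    static final Map<String, String> PASSWORDS =
            Map.of("Bob", "constructed-pw", "Annie", "other-pw");
    // Step 3 data (constructed): the naive per-user table from the text, one
    // cell per (user, resource) pair, so it grows as users x resources.
    static final Map<String, Set<String>> ALLOWED =
            Map.of("Bob", Set.of("/UpdateRecipes"));

    static Outcome handle(String resource, String user, String password) {
        // 1. Lookup: a resource with no constraint skips both later checks.
        if (!CONSTRAINED.contains(resource)) return Outcome.SERVED;
        // 2. Authentication: is "Bob" really Bob?
        if (!authenticated(user, password)) return Outcome.UNAUTHORIZED_401;
        // 3. Authorization: is the real Bob allowed to use this resource?
        boolean allowed = ALLOWED.getOrDefault(user, Set.of()).contains(resource);
        return allowed ? Outcome.SERVED : Outcome.FORBIDDEN_403;
    }

    static boolean authenticated(String user, String password) {
        if (user == null || password == null) return false;
        String expected = PASSWORDS.get(user);
        if (expected == null) return false;
        // Constant-time comparison, so response timing does not leak how many
        // leading bytes of the guess were correct.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     password.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        System.out.println(handle("/index.html", null, null));                 // unconstrained
        System.out.println(handle("/UpdateRecipes", "Bob", "wrong"));          // fails step 2
        System.out.println(handle("/UpdateRecipes", "Annie", "other-pw"));     // fails step 3
        System.out.println(handle("/UpdateRecipes", "Bob", "constructed-pw")); // passes all three
    }
}
```

The order matters: a request that fails authentication never reaches the authorization table, and a correctly authenticated user can still be refused at step 3.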
