O'Reilly logo

Head First Servlets and JSP, 2nd Edition by Bert Bates, Bryan Basham, Kathy Sierra

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Authorization Step 2: defining resource/method constraints

Finally, the cool part. This is where we get to specify, declaratively, that a given resource/method combination is accessible only by users in certain roles. Most of the security work you’ll do is probably with <security-constraint> elements in your DD. (Lots of picky rules later.)

<security-constraint> element in the DD:

image with no caption
image with no caption
image with no caption

Because they’re in the “Member” role, Diane and Annie can do GET and POST on resources that fit the <url-pattern> elements. Ted is only a “Guest”, so he can’t do a GET or POST.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required