Servlet filters

By now, the services should work fine and anyone can query the details of our products. This may be a problem. The details of the products are not necessarily public information. We have to ensure that we only serve the data to partners who are eligible to see it.

To ensure that, we need something in the request that proves that the request comes from a partner. This information is typically a password or some other secret. It could be placed into the GET request parameters or into the HTTP request header. It is better to put it into the header because the information is secret and not to be seen by anybody.

The GET parameters are a part of the URL, and the browser history remembers that. It is also very easy to enter this ...

Get Java Projects - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.