Performing Custom Form-Based Authorization
One way to perform custom authorization is by displaying a form when the user attempts to access a "protected" resource. You cannot protect a resource by simple system administration, as you saw in the server HTTP authentication. You will need to embed code to perform the authorization. Thus, only JSPs and servlets can be marked as protected resources because they are the only resources within which custom code can be added. Static resources, such as HTML pages and images, are therefore outside the scope of custom authorization.
Adding Bids for Items
For the first form-based custom authorization, you will develop the module that allows a user to place bids for an item. The different JSPs in ...
Get Java Server Pages from scratch now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.