Chapter 31. Security

In this chapter

In Chapter 5, "Saving Data Between Requests," you saw how to create a login form and keep track of a user with the session object. The servlet container gives you an alternative to creating your own login form. By adding additional information to the deployment descriptor for your Web application, you can force the user to log in to the application without writing specific code for login authentication.

Role-Based Security

The authentication mechanism in the servlet specification uses a technique called role-based security. The idea is that rather than restricting ...

Get Special Edition Using Java™ Server Pages and Servlets now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.