Chapter 31. Security
In Chapter 5, "Saving Data Between Requests," you saw how to create a login form and keep track of a user with the session object. The servlet container gives you an alternative to creating your own login form. By adding information to the deployment descriptor for your Web application, you can force the user to log in to the application without writing specific code for login authentication.
The authentication mechanism in the servlet specification uses a technique called role-based security. The idea is that rather than restricting ...