Wednesday, January 16, 2013

Servlet 3.0 ( Security ) ...........2

2.) Use of Annotations:
@ServletSecurity & @Inherited

Since Servlet 3.0 the security constraints that used to be written as <security-constraint> elements in the deployment descriptor (DD, web.xml) can be declared with annotations on the servlet class itself.
@ServletSecurity applies to the URL patterns the servlet is mapped to, so it must be combined with a @WebServlet that carries urlPatterns (or with a <servlet-mapping> for the same servlet in the DD). Two caveats: if web.xml contains a <security-constraint> with the same url-pattern, the DD constraint is enforced for that pattern and the annotation is ignored for it; and if web.xml sets metadata-complete="true", annotations are not scanned at all. Examples:

Only users in the role guest are allowed, and no transport guarantee is required (plain HTTP is accepted; NONE says nothing about authentication, only about the transport):

@WebServlet(urlPatterns = "/secureServlet")
@ServletSecurity(
        @HttpConstraint(rolesAllowed = {"guest"},
                        transportGuarantee = ServletSecurity.TransportGuarantee.NONE))

-------------------------------------------------------------------------
No user is allowed (the empty role list is read as "deny everyone" instead of the default "permit everyone"):

@ServletSecurity(
        @HttpConstraint(value = ServletSecurity.EmptyRoleSemantic.DENY))

-------------------------------------------------------------------------
GET and POST are restricted to the role guest, and POST must additionally arrive over a confidential (TLS) transport. Every other method (HEAD, PUT, DELETE, OPTIONS, TRACE, ...) falls under the default @HttpConstraint, which permits everyone without authentication, so this form is only safe if the servlet really does nothing sensitive on those uncovered methods:

@ServletSecurity(
        httpMethodConstraints = {
                @HttpMethodConstraint(value = "GET", rolesAllowed = "guest"),
                @HttpMethodConstraint(value = "POST", rolesAllowed = "guest",
                                      transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL)
        })

-------------------------------------------------------------------------
All methods can be accessed only by the role guest; TRACE is denied for everyone. The default constraint goes in the value element (an @HttpConstraint), because @HttpMethodConstraint requires an HTTP method name as its value:

@ServletSecurity(
        value = @HttpConstraint(rolesAllowed = "guest"),
        httpMethodConstraints = {
                @HttpMethodConstraint(value = "TRACE",
                                      emptyRoleSemantic = ServletSecurity.EmptyRoleSemantic.DENY)
        })
-------------------------------------------------------------------------

@Inherited

@ServletSecurity is itself meta-annotated with @Inherited, so if a superclass carries @ServletSecurity, every subclass that does not declare its own inherits the superclass's security constraints.
If a subclass declares its own @ServletSecurity, that declaration replaces the base class's constraints entirely (the two are not merged), so anything the base class denied must be restated. @WebServlet is not @Inherited, so each subclass still needs its own URL mapping.
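The following is an added example, not code from the original post. It puts the "guest everywhere, TRACE denied, HTTPS for POST" constraints from the examples above on one servlet and then shows the two @Inherited cases: a subclass that inherits the constraints unchanged and a subclass whose own @ServletSecurity replaces them. The servlet names, URL patterns and the roles guest and admin are assumptions; the container's login configuration and realm are assumed to define users in those roles.

```java
// --- AccountServlet.java ---
package example;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Default constraint (value): every method requires the role "guest" (assumed role name).
 * Per-method overrides: TRACE is denied to everyone, and POST additionally requires a
 * confidential transport, so the container rejects or redirects a plain-HTTP POST
 * before doPost() ever runs.
 */
@WebServlet(urlPatterns = "/account")          // assumed path
@ServletSecurity(
    value = @HttpConstraint(rolesAllowed = "guest"),
    httpMethodConstraints = {
        @HttpMethodConstraint(value = "TRACE", emptyRoleSemantic = EmptyRoleSemantic.DENY),
        @HttpMethodConstraint(value = "POST", rolesAllowed = "guest",
                              transportGuarantee = TransportGuarantee.CONFIDENTIAL)
    })
public class AccountServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // The container has already authenticated the caller and checked the role;
        // these calls only report what it decided.
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("user=" + req.getRemoteUser());
        out.println("isGuest=" + req.isUserInRole("guest"));
        out.println("secure=" + req.isSecure());
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Defence in depth: the CONFIDENTIAL constraint already guarantees TLS here,
        // but a subclass with its own @ServletSecurity, or a web.xml constraint on the
        // same pattern, can silently drop it, so re-check the one property that matters.
        if (!req.isSecure()) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}

// --- AccountHistoryServlet.java ---
// Inherits AccountServlet's @ServletSecurity because that annotation is @Inherited:
// guest only, TRACE denied, HTTPS for POST. It still needs its own @WebServlet,
// which is not inherited.
@WebServlet(urlPatterns = "/account/history")  // assumed path
public class AccountHistoryServlet extends AccountServlet {
}

// --- AccountAdminServlet.java ---
// Declares its own @ServletSecurity, which replaces (does not merge with) the
// superclass constraints: now "admin" (assumed role) is required for every method,
// and the TRACE denial and the POST transport guarantee are gone unless restated.
@WebServlet(urlPatterns = "/account/admin")    // assumed path
@ServletSecurity(@HttpConstraint(rolesAllowed = "admin"))
public class AccountAdminServlet extends AccountServlet {
}
```

Deploy the three classes in a container with a login-config (for example FORM or BASIC in web.xml) and a realm that knows the roles; then an unauthenticated GET /account returns a 401 or the login page, TRACE /account returns 403, a POST to http://.../account is redirected to HTTPS or refused, and POST to /account/admin over plain HTTP reaches doPost() and is stopped only by the isSecure() check, which is exactly why that check is worth keeping.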
