In Servlet 3.0, annotations make it easier to configure security. Through annotations, security can be applied dynamically at the time of servlet registration. The key features on which Servlet 3.0 security is based are listed below.
1) Authentication methods
2) Annotations
3) HttpOnly cookie (also SSO, about which I do not have much idea)
4) HTTP method omission tag
* Before 3.0, the security configuration had to be mapped in the deployment descriptor (web.xml); in 3.0 the use of annotations has been extended. A snapshot of servlet security is given here (it is not sufficient, but it is necessary to know).
1) Authentication methods: HttpServletRequest has 3 important methods that can check or validate a user.
| Return type | Method | Description |
|---|---|---|
| boolean | authenticate(HttpServletResponse response) | Use the container login mechanism configured for the ServletContext to authenticate the user making this request. |
| java.security.Principal | getUserPrincipal() | Returns a java.security.Principal object containing the name of the current authenticated user. |
| boolean | isRequestedSessionIdFromCookie() | Checks whether the requested session ID came in as a cookie. |
| boolean | isRequestedSessionIdFromURL() | Checks whether the requested session ID came in as part of the request URL. |
| boolean | isRequestedSessionIdValid() | Checks whether the requested session ID is still valid. |
| boolean | isUserInRole(java.lang.String role) | Returns a boolean indicating whether the authenticated user is included in the specified logical "role". |
| void | login(java.lang.String username, java.lang.String password) | Validate the provided username and password in the password validation realm used by the web container login mechanism configured for the ServletContext. |
| void | logout() | Establish null as the value returned when getUserPrincipal, getRemoteUser, and getAuthType is called on the request. |
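
As an added example (not code from the original post), the servlet below combines the `@ServletSecurity` annotation with `login()`, `logout()`, `getUserPrincipal()`, `isUserInRole()` and `isRequestedSessionIdFromURL()` from the table above. The class name, URL pattern, `admin` role and request parameter names are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: URL pattern, "admin" role and parameter names are assumptions.
@WebServlet("/account")
// Require a confidential transport (HTTPS) so credentials never travel in clear text.
@ServletSecurity(@HttpConstraint(transportGuarantee = TransportGuarantee.CONFIDENTIAL))
public class AccountServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Refuse session IDs carried in the URL; they leak via logs and Referer headers.
        if (req.isRequestedSessionIdFromURL()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        if ("logout".equals(req.getParameter("action"))) {
            req.logout(); // getUserPrincipal() now returns null
            HttpSession session = req.getSession(false);
            if (session != null) {
                session.invalidate(); // drop server-side state tied to the old identity
            }
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
            return;
        }
        try {
            // Validates against the realm configured for the container login mechanism.
            req.login(req.getParameter("username"), req.getParameter("password"));
        } catch (ServletException e) {
            // Thrown on bad credentials or when a caller identity is already established.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("user=" + req.getUserPrincipal().getName()
            + " admin=" + req.isUserInRole("admin"));
    }
}
```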