- Declarative Security
Up until now we have been using declarative security. This refers to the fact that none of our servlets or JSPs have had to worry about security. All security issues were handled by the web container and the deployment descriptor. This is a good thing, because your Java code can focus on the business problem at hand and forget about security.
- Coarse Grained Security
The problem is that declarative security doesn't allow for very granular security. In other words, the most granular you can get with declarative security is "one page". For example, you could say: only "administrators" can access "config.jsp". But what if you wanted to be more granular than that?
- Fine Grained Security: Partial Page
Suppose you wanted a third of a page to be protected. For example, let's say you had an intranet page called home.html. And let's say that this page would have three sections: sect1, sect2 and sect3. If the user was a manager or administrator, they would see all three sections. Otherwise, they would see only sect1 and sect2.
- Fine Grained Security: Date Sensitive
Or, as another example, let's say you needed date-sensitive security requirements. Suppose you have a section of an intranet called "tax records". And during the month of April, only "accounting" should have access to this section.
- Programmatic Security
Neither the "partial page" scenario nor the "date sensitive" scenario can be accomplished with declarative security. This is where programmatic security comes in. To solve the problem of fine-grained security, the servlet spec provides for programmatic security. This comes in the form of two methods which can be called from any servlet or JSP.
- Two Methods
//return the userName, such as "dave"
String javax.servlet.http.HttpServletRequest.getRemoteUser()
//takes a roleName like "SmartSoftEmployees"
boolean javax.servlet.http.HttpServletRequest.isUserInRole(String roleName)
//These will both be demonstrated in the next examplet.
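The following servlet is an added example (not part of the course's own examplets) that applies both methods to the two scenarios above: the three-section page and the April-only "tax records" section. It assumes the role names "manager", "administrator" and "accounting" are declared as security-role entries (or mapped through security-role-ref) in web.xml, since isUserInRole only answers for roles the deployment descriptor knows about, and it assumes the tax records are open to any authenticated user outside April, which the text leaves unstated.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.time.LocalDate;
import java.time.Month;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet standing in for home.html from the text.
public class HomeServlet extends HttpServlet {

    // Partial-page rule: sect3 is shown only to managers or administrators.
    static boolean canSeeSect3(HttpServletRequest req) {
        return req.isUserInRole("manager") || req.isUserInRole("administrator");
    }

    // Date-sensitive rule: in April only "accounting" may see tax records.
    // Assumption (not in the text): outside April any authenticated user may.
    static boolean canSeeTaxRecords(HttpServletRequest req, LocalDate today) {
        if (req.getRemoteUser() == null) {
            // Nobody logged in: the container never authenticated this request,
            // so isUserInRole would be false for every role anyway.
            return false;
        }
        if (today.getMonth() == Month.APRIL) {
            return req.isUserInRole("accounting");
        }
        return true;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setContentType("text/html");
        PrintWriter out = resp.getWriter();
        // sect1 and sect2 are reachable by anyone the container let in.
        out.println("<p>sect1 (visible to " + req.getRemoteUser() + ")</p>");
        out.println("<p>sect2</p>");
        if (canSeeSect3(req)) {
            out.println("<p>sect3: managers and administrators only</p>");
        }
        // Decided per request, so the rule changes with the calendar
        // without touching the deployment descriptor.
        if (canSeeTaxRecords(req, LocalDate.now())) {
            out.println("<p>tax records</p>");
        }
    }
}
```

Keeping the two checks in small methods that take the request (and the date) as parameters makes the authorization rules testable with a mocked HttpServletRequest, which declarative security in web.xml does not give you.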