Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online

    Free Trial

    Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


    Head First Servlets and JSP™
    Dedication
    A Note Regarding Supplemental Files
    Praise for Head First Servlets and JSP™
    Praise for the Head First approach
    Perpetrators of the Head First series (and this book)
    How to Use this Book: Intro
    1. Intro and Overview: Why use Servlets & JSPs?
    2. High-Level Overview: Web App Architecture
    3. Hands-on MVC: Mini MVC Tutorial
    4. Request and Response: Being a Servlet
    5. Attributes and Listeners: Being a Web App
    6. Session Management: Conversational state
    7. Using JSP: Being a JSP
    8. Scriptless JSP: Script-free pages
    9. Using JSTL: Custom tags are powerful
    10. Custom Tag Development: When even JSTL is not enough...
    11. Web App Deployment: Deploying your web app
    12. Web App Security: Keep it secret, keep it safe
    The Bad Guys are everywhere
    And it’s not just the SERVER that gets hurt...
    The Big 4 in servlet security
    A little security story
    How to Authenticate in HTTP World: the beginning of a secure transaction
    A slightly closer look at how the Container does Authentication and Authorization
    How did the Container do that ?
    Keep security out of the code!
    Who implements security in a web app?
    The Big Jobs in servlet security
    Just enough Authentication to discuss Authorization
    Authorization Step 1: defining roles
    Authorization Step 2: defining resource/method constraints
    The <security-constraint> rules for <web-resource-collection> elements
    Picky <security-constraint> rules for <auth-constraint> sub-elements
    The way <auth-constraint> works
    How multiple <security-constraint> elements interact
    Dueling <auth-constraint> elements
    Alice’s recipe servlet, a story about programmatic security...
    Customizing methods: isUserInRole()
    The declarative side of programmatic security
    Authentication revisited
    Implementing Authentication
    Form-Based Authentication
    Summary of Authentication types
    She doesn’t know about J2EE’s “protected transport layer connection”
    Securing data in transit: HTTPS to the rescue
    How to implement data confidentiality and integrity sparingly and declaratively
    Protecting the request data
    Coffee Cram: Mock Exam Chapter 12
    Coffee Cram: Chapter 12 Answers
    13. Filters and Wrappers: The Power of Filters
    14. Patterns and Struts: Enterprise Design Patterns
    A. Final Mock Exam: Coffee Cram
    B.
    C.
    Index
    About the Authors
    Copyright
    • Create BookmarkCreate Bookmark
    • Create Note or TagCreate Note or Tag
    • PrintPrint
    Share this Page URL
    Help

    12. Web App Security: Keep it secret, ke... > The <security-constraint> rules for ...

    The <security-constraint> rules for <web-resource-collection> elements

    Remember; the purpose of the <web-resource-collection> sub-element is to tell the container which resources and HTTP Method combinations should be constrained in such a way that they can be accessed only by the roles in the corresponding <auth-constraint> tag. We wish we could tell you to relax here, but you really do need to know the details of these elements. If you make one little mistake in the security part of your DD, you could leave the most sensitive parts of your app open to... everyone.

    Key points about <web-resource-collection>

    • The <web-resource-collection> element has two primary sub-elements: <url-pattern> (one or more) <http-method> (optional, zero or more).

    • The URL patterns and HTTP Methods together define resource requests that are constrained to be accessible by only those roles defined in <auth-constraint>.


      

    You are currently reading a PREVIEW of this book.

                                                                                            

    Get instant access to over
    $1 million worth of books and videos.

      

    Start a Free Trial