

JavaServer Pages and servlets make several mechanisms available to Web developers to secure applications. Resources are protected declaratively by identifying them in the application deployment descriptor and assigning a role to them. Clients that act in a role are authorized to use resources that are linked to the role. Access can also be restricted by the HTTP method used to request the resource.

Web applications may declare a data constraint that defines the level of data integrity. One of its more important facets is the ability to secure the communications channel, which is commonly done with SSL.

Several levels of authentication are available, ranging from basic authentication using identifiers and passwords to sophisticated authentication using certificates. If you use FORM authentication, you can customize the forms used to authenticate a client.

It's also easy to write applications whose behavior depends on the identity or role of the client.
