ACLs based on application roles


Developer view of web application security

In most cases, developer teams with a J2EE background outside of a WebSphere environment tend to see the security of their applications from a purely programmatic point of view. Skilled developers use methods provided by the J2EE security API.

Through such an API, an application can gather information about the user making the request. For instance, the API provides methods to obtain information such as the user ID for the request, or to query the request object to find out whether the user is enabled with a particular role, to mention a couple of methods. Knowing the role of a user is useful for making decisions such as displaying or hiding objects on a resulting web page.

This book will not cover the API, as it is a topic that falls within the development realm. For our purposes, we will just mention one of the methods of the javax.servlet.http.HttpServletRequest object: getRemoteUser(), which returns the user ID value as a String object. This method will be used in this chapter's mini-project later in the chapter....
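As an added illustration (not code from the book or from WebSphere), the servlet below uses getRemoteUser() and isUserInRole() to decide what to display, and checks the role again when the action is submitted. The class name, the "admin" role and the "Reset cache" action are assumptions made for the example.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet; the class name and the "admin" role are assumptions.
public class AccountPageServlet extends HttpServlet {
    private static final String ADMIN_ROLE = "admin"; // assumed role name

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getRemoteUser() returns null when the request is not authenticated.
        String userId = req.getRemoteUser();
        if (userId == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        resp.setContentType("text/html;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        // Escape the user ID before writing it into the HTML page.
        out.println("<p>Signed in as " + escapeHtml(userId) + "</p>");
        // Display decision: show the admin form only to users in the role.
        if (req.isUserInRole(ADMIN_ROLE)) {
            out.println("<form method=\"post\"><button>Reset cache</button></form>");
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Hiding the form is not enforcement: check the role on the action itself.
        if (req.getRemoteUser() == null || !req.isUserInRole(ADMIN_ROLE)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }

    // Minimal HTML escaping for text nodes and attribute values.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");
    }
}
```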