Means, Garann R. wrote: > Hi, > > I'd like to limit access to the administrative section of my webapp, which > will be living on a Unix server. I'd very much appreciate the recommendation > of quality links and resources to help me define and implement a strategy > for this (rather than looking through everything I get with a Google search > and not knowing the good advice from the bad..). Does anyone have > suggestions?
I recommend that you check out the <security-constraint> element in the web.xml file, in the Servlet 2.3 spec or any recent book about servlets or JSP (such as my JavaServer Pages book, either the 1st or 2nd edition). This element allows you to define security rules for part of your application. Only consider rolling your own security mechanism if the one defined in the spec is too limited for your needs, since it's safer to let the container take care of it for you. Hans -- Hans Bergsten [EMAIL PROTECTED] Gefion Software http://www.gefionsoftware.com JavaServer Pages http://TheJSPBook.com =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com
