So, are you saying that for web applications, I can already ignore the security
APIs because
the servlet container will already provide the security as long as I define the
security constraints,
roles, etc?
I'm currently studying Java security and how I can use them for web
applications. Before this week
I had no previous background on Java security. Can anybody suggest sites or
docs
which will help me better understand how Java security works for web apps?
I'm starting on the book "Java 2 Network Security 2nd Edition (Pistoia, Reller,
Gupta, Nagnur, Ramani)" but
it seems to focus on applets and applications, with a minimal discussion on
server-side Java.
Can anybody suggest anything more focused on servlets?
Thanks.
kishor bhagwat <[EMAIL PROTECTED]> on 12/07/2000 10:26:28 PM
Please respond to "A mailing list for discussion about Sun Microsystem's Java
Servlet API Technology." <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: (bcc: Hubert Rabago/GIRC/SVI)
Subject: Servlets & web app security
hello!
I've been out a few days, and on coming back i noticed a few mails about
protecting files/servlets and general webapp security...here's my two cents
on it..
the servlet specification requires the servlet container to provide some
security features.
In particular, with Tomcat, you can have quite good control over your web
application.
For eg, in the web.xml file of your web application, you can define a
collection of resources(servlets, htmls, images etc) and then define
secuirity constraints, security roles, authentication methods etc for that
particular collection.
for more information, just go thru the DTD of the web.xml file that came
with Tomcat...
hope this helps,
kishor
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
