| <html><head> |
| <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> |
| <title>Chapter 6. Best Practices</title><link rel="stylesheet" href="css/stylesheet.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.0"><link rel="home" href="index.html" title="Apache Click"><link rel="up" href="index.html" title="Apache Click"><link rel="prev" href="ch05s03.html" title="5.3. Auto Deployed Files"><link rel="next" href="ch06s02.html" title="6.2. Packages and Classes"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 6. Best Practices</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch05s03.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="ch06s02.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 6. Best Practices"><div class="titlepage"><div><div><h2 class="title"><a name="chapter-best-practices"></a>Chapter 6. Best Practices</h2></div></div></div><div class="toc"><dl><dt><span class="sect1"><a href="ch06.html#security">6.1. Security</a></span></dt><dd><dl><dt><span class="sect2"><a href="ch06.html#declarative-security">6.1.1. Declarative Security</a></span></dt><dt><span class="sect2"><a href="ch06.html#alternatve-security-solutions">6.1.2. Alternative Security solutions</a></span></dt><dt><span class="sect2"><a href="ch06.html#resources">6.1.3. Resources</a></span></dt></dl></dd><dt><span class="sect1"><a href="ch06s02.html">6.2. Packages and Classes</a></span></dt><dd><dl><dt><span class="sect2"><a href="ch06s02.html#page-classes">6.2.1. Page Classes</a></span></dt></dl></dd><dt><span class="sect1"><a href="ch06s03.html">6.3. Page Auto Mapping</a></span></dt><dt><span class="sect1"><a href="ch06s04.html">6.4. Navigation</a></span></dt><dt><span class="sect1"><a href="ch06s05.html">6.5. Templating</a></span></dt><dt><span class="sect1"><a href="ch06s06.html">6.6. Menus</a></span></dt><dt><span class="sect1"><a href="ch06s07.html">6.7. Logging</a></span></dt><dt><span class="sect1"><a href="ch06s08.html">6.8. Error Handling</a></span></dt><dt><span class="sect1"><a href="ch06s09.html">6.9. Performance</a></span></dt></dl></div><p>This chapter discusses Best Practices for designing and building Apache |
| Click applications. |
| </p><div class="sect1" title="6.1. Security"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="security"></a>6.1. Security</h2></div></div></div><p>For application security it is highly recommended that you use the |
| declarative JEE Servlet path role based security model. While Click pages |
| provide an <code class="methodname">onSecurityCheck()</code> method for rolling your own |
| programmatic security model, the declarative JEE model provides numerous |
| advantages. |
| </p><p>These advantages include: |
| </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p> Its an industry standard pattern making development and maintenance |
| easier. |
| </p></li><li class="listitem"><p> Application servers generally provide numerous ways of integration |
| with an organisations security infrastructure, including LDAP directories |
| and relational databases. |
| </p></li><li class="listitem"><p> Servlet security model support users bookmarking pages. When users |
| go to access these pages later, the container will automatically authenticate |
| them before allowing them to access the resource. |
| </p></li><li class="listitem"><p> Using this security model you can keep your Page code free of |
| security concerns. This makes you code more reusable, or at least easier |
| to write. |
| </p></li></ul></div><p>If your application has very fine grained or complex security requirements |
| you may need to combine both the JEE declarative security model and a |
| programmatic security model to meet your needs. In these cases its |
| recommended you use declarative security for course grained access and |
| programmatic security for finner grained access control. |
| </p><div class="sect2" title="6.1.1. Declarative Security"><div class="titlepage"><div><div><h3 class="title"><a name="declarative-security"></a>6.1.1. Declarative Security</h3></div></div></div><p> The declarative JEE Servlet security model requires users to be |
| authenticated and in the right roles before they can access secure resources. |
| Relative to many of the JEE specifications the Servlet security model is |
| surprisingly simple. |
| </p><p> |
| For example to secure admin pages, you add a security |
| constraint in your <code class="filename">web.xml</code> file. This requires users |
| to be in the <code class="varname">admin</code> role before they can access to any |
| resources under the <span class="symbol">admin</span> directory: |
| </p><pre class="programlisting"><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><security-constraint></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><web-resource-collection></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><web-resource-name></span>admin<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></web-resource-name></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><url-pattern></span><span class="symbol">/admin/*</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></url-pattern></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></web-resource-collection></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><auth-constraint></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><role-name></span><code class="varname">admin</code><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></role-name></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></auth-constraint></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></security-constraint></span></pre><p>The application user roles are defined in the <code class="filename">web.xml</code> |
| file as <code class="literal">security-role</code> elements: |
| </p><pre class="programlisting"><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><security-role></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><role-name></span><code class="varname">admin</code><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></role-name></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></security-role></span></pre><p>The Servlet security model supports three different authentication method:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p> |
| <code class="literal">BASIC</code> - only recommended for internal |
| applications where security is not important. This is the easiest |
| authentication method, which simply displays a dialog box to users |
| requiring them to authenticate before accessing secure resources. |
| The BASIC method is relatively insecure as the username and password |
| are posted to the server as a Base64 encoded string. |
| </p></li><li class="listitem"><p> |
| <code class="literal">DIGEST</code> - recommended for internal applications |
| with a moderate level of security. As with BASIC authentication, |
| this method simply displays a dialog box to users requiring them to |
| authenticate before accessing secure resources. Not all application |
| servers support DIGEST authentication, with only more recent |
| versions of Apache Tomcat supporting this method. |
| </p></li><li class="listitem"><p> |
| <code class="literal">FORM</code> - recommended applications for where |
| you need a customised login page. For applications requiring a high |
| level of security it is recommended that you use the FORM method |
| over HTTPS. |
| </p></li></ul></div><p>The authentication method is specified in the <login-method> element. |
| For example to use the BASIC authentication method you would specify: |
| </p><pre class="programlisting"><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><login-config></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><auth-method></span><code class="varname">BASIC</code><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></auth-method></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><realm-name></span>Admin Realm<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></realm-name></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></login-config></span></pre><p>To use the FORM method you also need to specify the path to the login |
| page and the login error page: |
| </p><pre class="programlisting"><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><login-config></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><auth-method></span><code class="varname">FORM</code><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></auth-method></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><realm-name></span>Secure Realm<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></realm-name></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><form-login-config></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><form-login-page></span><span class="symbol">/login.htm</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></form-login-page></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><form-error-page></span><span class="symbol">/login.htm?auth-error=true</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></form-error-page></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></form-login-config></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></login-config></span></pre><p>In your Click <code class="filename">login.htm</code> page you need to include a |
| special <code class="varname">j_security_check</code> form which includes the input |
| fields <code class="varname">j_username</code> and <code class="varname">j_password</code>. |
| For example: |
| </p><pre class="programlisting"><span class="command"><strong>#if</strong></span> ($request.getParameter("<span class="symbol">auth-error</span>")) |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><div</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">style</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"margin-bottom:1em;margin-top:1em;color:red;"</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag">></span> |
| Invalid User Name or Password, please try again.<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><br/></span> |
| Please ensure Caps Lock is off. |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></div></span> |
| <span class="command"><strong>#end</strong></span> |
| |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><form</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">method</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"POST"</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">action</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"</span><code class="varname">j_security_check</code>" name="form"> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><table</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">border</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"0"</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">style</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"margin-left:0.25em;"</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag">></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><tr></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><td></span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><label></span>User Name<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></label></span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><font</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">color</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"red"</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag">></span>*<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></font></span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></td></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><td></span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><input</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">type</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"text"</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">name</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"</span><code class="varname">j_username</code>" maxlength="20" style="width:150px;"/><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></td></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><td></span>&nbsp;<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></td></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></tr></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><tr></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><td></span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><label></span>User Password<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></label></span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><font</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">color</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"red"</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag">></span>*<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></font></span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></td></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><td></span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><input</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">type</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"password"</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">name</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"</span><code class="varname">j_password</code>" maxlength="20" style="width:150px;"/><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></td></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><td></span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><input</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">type</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"image"</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">src</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"$context/images/login.png"</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">title</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"Click to Login"</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag">/></span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></td></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></tr></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></table></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></form></span> |
| |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><script</span> <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="atn">type</span>=<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="pln">"text/javascript"</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag">></span> |
| document.form.j_username.focus(); |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></script></span></pre><p>When using FORM based authentication do <span class="bold"><strong>NOT</strong></span> |
| put application logic in a Click Login Page class, as the role of this page |
| is to simply render the login form. If you attempt to put navigation logic |
| in your Login Page class, the JEE Container may simply ignore it or throw |
| errors. |
| </p><p>Putting this all together below is a <code class="filename">web.xml</code> |
| snippet which features security constraints for pages under the admin |
| path and the user path. This configuration uses the FORM method for |
| authentication, and will also redirect unauthorized (403) requests to the |
| <code class="filename">/not-authorized.htm</code> page. |
| </p><pre class="programlisting"><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><web-app></span> |
| |
| .. |
| |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><error-page></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><error-code></span>403<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></error-code></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><location></span><code class="varname">/not-authorized.htm</code><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></location></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></error-page></span> |
| |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><security-constraint></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><web-resource-collection></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><web-resource-name></span>admin<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></web-resource-name></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><url-pattern></span><code class="varname">/admin/*</code><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></url-pattern></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></web-resource-collection></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><auth-constraint></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><role-name></span><span class="symbol">admin</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></role-name></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></auth-constraint></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></security-constraint></span> |
| |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><security-constraint></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><web-resource-collection></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><web-resource-name></span>user<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></web-resource-name></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><url-pattern></span><code class="varname">/user/*</code><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></url-pattern></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></web-resource-collection></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><auth-constraint></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><role-name></span><span class="symbol">admin</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></role-name></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><role-name></span><span class="symbol">user</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></role-name></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></auth-constraint></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></security-constraint></span> |
| |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><login-config></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><auth-method></span><code class="varname">FORM</code><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></auth-method></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><realm-name></span>Secure Zone<span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></realm-name></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><form-login-config></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><form-login-page></span><code class="varname">/login.htm</code><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></form-login-page></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><form-error-page></span><code class="varname">/login.htm?auth-error=true</code><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></form-error-page></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></form-login-config></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></login-config></span> |
| |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><security-role></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><role-name></span><span class="symbol">admin</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></role-name></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></security-role></span> |
| |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><security-role></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"><role-name></span><span class="symbol">user</span><span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></role-name></span> |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></security-role></span> |
| |
| <span xmlns:fo="http://www.w3.org/1999/XSL/Format" class="tag"></web-app></span></pre></div><div class="sect2" title="6.1.2. Alternative Security solutions"><div class="titlepage"><div><div><h3 class="title"><a name="alternatve-security-solutions"></a>6.1.2. Alternative Security solutions</h3></div></div></div><p> There are also alternative security solutions that provide extra |
| features not available in JEE, such as RememberMe functionality, better |
| resource mapping and <code class="literal">Post Logon Page</code> support. |
| (<code class="literal">Post Logon Page</code> support allows one to specify a default |
| URL where the user will be forwarded after successful login. This feature |
| allows one to embed a login form in all non-secure pages and after successful |
| authentication the user will be forwarded to their home page.) |
| </p><p>Below are some of the alternative security solutions available: |
| </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p> |
| <a xmlns:fo="http://www.w3.org/1999/XSL/Format" class="external" href="http://static.springframework.org/spring-security/site/index.html" target="_blank">Spring Security</a> |
| </p></li><li class="listitem"><p> |
| <a xmlns:fo="http://www.w3.org/1999/XSL/Format" class="external" href="http://securityfilter.sourceforge.net/" target="_blank">SecurityFilter</a> |
| </p></li><li class="listitem"><p> |
| <a xmlns:fo="http://www.w3.org/1999/XSL/Format" class="external" href="http://incubator.apache.org/shiro/" target="_blank">Apache Shiro</a> |
| </p></li></ul></div></div><div class="sect2" title="6.1.3. Resources"><div class="titlepage"><div><div><h3 class="title"><a name="resources"></a>6.1.3. Resources</h3></div></div></div><p>For more information on using security see the resources below:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p> |
| <a xmlns:fo="http://www.w3.org/1999/XSL/Format" class="external" href="http://www.scribd.com/doc/34531398/Form-Based-Authentication" target="_blank"> |
| Form Based Authentication |
| </a> by Louis E. Mauget |
| </p></li><li class="listitem"><p> |
| <a xmlns:fo="http://www.w3.org/1999/XSL/Format" class="external" href="http://java.sun.com/products/servlet/download.html" target="_blank">Servlet Specification</a> |
| by Sun Microsystems |
| </p></li><li class="listitem"><p> |
| <a xmlns:fo="http://www.w3.org/1999/XSL/Format" class="external" href="http://en.wikipedia.org/wiki/Basic_authentication_scheme" target="_blank"> |
| Basic authentication scheme |
| </a> |
| </p></li><li class="listitem"><p> |
| <a xmlns:fo="http://www.w3.org/1999/XSL/Format" class="external" href="http://en.wikipedia.org/wiki/Digest_access_authentication" target="_blank"> |
| Digest authentication scheme |
| </a> |
| </p></li><li class="listitem"><p> |
| <a xmlns:fo="http://www.w3.org/1999/XSL/Format" class="external" href="http://en.wikipedia.org/wiki/Https" target="_blank">Https URI scheme</a> |
| </p></li></ul></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch05s03.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="ch06s02.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">5.3. Auto Deployed Files </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 6.2. Packages and Classes</td></tr></table></div></body></html> |