View RSS Feed

Security

Servlet Security

  1. Explain declarative security for WEB applications

    by , 01-01-2012 at 05:03 PM
    Declarative security is implemented by the Servlet containers. Administration takes place via deployment descriptor web.xml file. Servlets & JSP pages along with the declarative security will become security aware code free. URLs could be protected via web.xml as it has been shown below:

    XML Code: This is a web.xml with the security tags
    <web-app>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>PrivateAndSensitive</web-resource-name>
    <url-pattern>/private/*</url-pattern>
    ...

    Updated 01-14-2012 at 06:52 PM by Servlet

    Categories
    Security
  2. Reading Request Headers from Servlets

    by , 11-28-2011 at 07:31 PM
    It is relatively easy to read headers. All you need to do is call the getHeader method of HttpServletRequest. If the specified header exists, the servlet returns a String, if not the servlet will return null. Unlike parameter names, header names are not case sensitive. Although getHeader is a general-purpose way to read incoming headers, there are a couple of headers that are so commonly used that they have special access methods in HttpServletRequest. They are listed below.
    • getCookies
    ...