This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Declarative v/s Programmatic

From OWASP
Jump to: navigation, search

You can restrict access to servlets and other resources in a Web Application by using security constraints. Security constraints are defined in the Web Application deployment descriptor (web.xml). There are three basic types of security constraints: 

   * Constraining resources by roles and/or resource
   * Secure Sockets Layer (SSL) encryption
   * Programmatic authorization

Roles can be mapped to a principal. Specific resources can be constrained by matching a URL pattern to a resource in a Web Application. You can also use Secure Sockets Layer (SSL) as a security constraint.

You can perform authorization programmatically, using one of the following methods of the HttpServletRequest interface: 

   * getRemoteUser()
   * isUserInRole()
   * getUserPrincipal()

For more information see the javax.servlet API.

Retrieved from "https://wiki.owasp.org/index.php?title=Declarative_v/s_Programmatic&oldid=21296"