Securing Java web apps without filters

I notice that "use a Filter" is the common response for securing Java web apps. We posted a short how-to for using the built-in web app security tools. It's easy to use and it can interface easily with a user database and require SSL encryption, but the configuration can be tricky.

http://chiralsoftware.com/blog/Securing-Java-web-applications-11abd75d347e00ae.html

I hope this is helpful.

linuxjavausera at 2007-11-27 10:45:48
# 1

Yeah, only a filter works on all servlet engines and not only Tomcat.

gimbal2a at 2007-7-28 20:15:06
# 2

Declaring security constraints in web.xml (as described in the blog posting) will work on all containers, not just Tomcat. The only Tomcat-specific parts were defining the realm in server.xml and defining the users in tomcat-users.xml. Other containers would have different ways of providing those things. And they are all capable of providing realms. Filters give you no portability advantage over using Java security. I can't see any reason to use filters for authentication at this point.

linuxjavausera at 2007-7-28 20:15:06