Are filters or phase listers a good way to do security in Java EE 6?

I've been doing it like this lately and find it so much better than XML hell(Spring security) or Glassfish security(because I don't need to have groups or set the tables up a certain way). Is this an ok way to secure Java EE applications? Thanks!

Answers


A homegrown Filter is perfectly doable when properly written, but it's less maintainable/reuseable because it's tight coupled to the webapplication in question. Java EE container managed security and Spring Security offers an API which is the same and reuseable for every webapplication. This may end up to be easier for developers/maintainers who are working on multiple different projects and wanted to implement/maintain the same. While relatively easy to implement, a homegrown Filter simply violates the DRY.

By the way, I wouldn't recommend using a PhaseListener for this since this hooks on JSF requests only, not on other requests like static CSS/JS/HTML files and "plain" JSP files.


Need Your Help

web service calling error of argument exception in window phone 7

c# web-services windows-phone-7

I am doing calling an asmx web service for window phone. Here is the code I have. When I execute this code, it gives me the error of:

Function returning incorrect response

php mysql function oop if-statement

I've got an issue with a function where it's returning data from the first if() statement as opposed to the secondary if() statement in a function, please see below.

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.