Wednesday, February 11, 2009

Web Security via web.xml

I think web.xml is often overlooked for a great many configuration options.  Personally, I’m guilty of limiting my use of the deployment descriptor to servlet, filter and tag configuration.  I don’t like to see the file get messy I guess.

This article talks about the authentication configuration options that can be used in web.xml.  This was something that I usually took care of in the web server configuration, not so much in the application server layer…but it looks like there are quite a few options here.

Understanding Web Security Using web.xml Via Use Cases | Javalobby

No comments: