The Big Jobs in servlet security
The table below will give you a feel for the key items in servlet security. Authorization is the most time-consuming to implement and Authentication is next. From the servlet perspective, Confidentiality and Data Integrity are pretty easy to set up.[12]
Security concept | Who’s responsible? | Complexity level | Effort level | Exam importance |
|---|---|---|---|---|
Authentication | Admin | medium | high | medium |
Authorization | Deployer (mostly) | high | high | high |
Confidentiality | Deployer | low | low | low |
Data Integrity | Deployer | low | low | low |
We’re going to emphasize Authorization in this chapter because it’s the most important and complex of the vendor-neutral security concepts.
[12] Actually, getting the SSL certification is not trivial, so by “easy” we mean “you don’t really do anything in your servlet code.”
Get Head First Servlets and JSP, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
