Performing Custom Authorization

You have seen how registered users can access the protected portions of the site for bidding on and auctioning items. This authorization is performed by the form-based login that we reused from the user registration module. Now, we will develop an authorization routine that permits only a specific kind of user, the administrators, to use the protected resources.

This authorization routine is similar to the Client Authentication provided by Tomcat, except that you need to write extra code in your JSP to mark it as a protected resource.

Performing Custom Basic Authorization

In Basic authorization, the user ID and password are encoded according to the base64 encoding scheme and passed in the header. This ...
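The following is an added example, not code from the book, showing the server-side handling of a Basic authorization header: decode the base64 value, split it into user ID and password, and admit only the administrator. The class name, method names and credential values are hypothetical; in a JSP the header value would come from `request.getHeader("Authorization")`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;

// Added example; class, method and credential values are hypothetical.
public class BasicAuthCheck {

    // Constructed sample administrator credentials; a real site would look up a stored password hash.
    private static final String ADMIN_USER = "admin";
    private static final String ADMIN_PASSWORD = "s3cret:with:colons";

    /** Returns {userId, password} from an Authorization header value, or empty if malformed. */
    static Optional<String[]> parse(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return Optional.empty();          // missing header or a different scheme
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty();          // not valid base64
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');        // split on the FIRST colon; passwords may contain ':'
        if (colon < 0) {
            return Optional.empty();
        }
        return Optional.of(new String[] { pair.substring(0, colon), pair.substring(colon + 1) });
    }

    /** True only when the header carries the administrator's credentials. */
    static boolean isAdmin(String header) {
        return parse(header).map(c -> same(c[0], ADMIN_USER) & same(c[1], ADMIN_PASSWORD)).orElse(false);
    }

    // Constant-time comparison so response timing does not reveal how many characters matched.
    private static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed header, built the way a browser builds it: base64("userId:password").
        String token = Base64.getEncoder().encodeToString((ADMIN_USER + ":" + ADMIN_PASSWORD).getBytes(StandardCharsets.UTF_8));
        System.out.println(isAdmin("Basic " + token));          // administrator credentials
        System.out.println(isAdmin("Basic !!not-base64!!"));    // malformed value is rejected
        System.out.println(isAdmin(null));                      // no header: the JSP would answer 401 with WWW-Authenticate
    }
}
```

Because base64 is an encoding and not encryption, anyone who can read the request can recover the password, so Basic authorization should only be used over TLS.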
