8.2. Example: Combining Container-Managed and Programmatic Security

Listing 8.2 presents a JSP page that augments the internal Web site for hot-dot-com.com that is introduced in Section 7.4. The page shows plans for employee pay. Because of entries in web.xml (Listing 8.3), the page can be accessed only by users in the employee or executive roles. Although both groups can access the page, they see substantially different results. In particular, the planned pay scales for executives are hidden from the normal employees.
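An added example, not the book's Listing 8.2 or 8.3, of how the two layers fit together: the container enforces the web.xml constraint shown in the leading comment, and the page calls request.isUserInRole to decide what to render. The file name, URL pattern and placeholder text are assumptions; the role names and BASIC authentication come from the text.

```jsp
<%--
  Container-managed part: assumed web.xml entries (URL pattern is hypothetical).
  No <http-method> elements are listed, so the constraint covers every HTTP method.

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Pay plans</web-resource-name>
      <url-pattern>/employee-pay.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>employee</role-name>
      <role-name>executive</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
--%>
<%
  // Programmatic part: by the time this code runs, the container has already
  // authenticated the user and checked for the employee or executive role.
  // isUserInRole only refines what an already-authorized user gets to see.
  boolean isExecutive = request.isUserInRole("executive");

  // The response differs per role, so ask browsers and intermediaries not to store it.
  response.setHeader("Cache-Control", "no-store");
%>
<!DOCTYPE html>
<html>
<head><title>Compensation Plans</title></head>
<body>
<h1>Compensation Plans</h1>

<h2>Employees</h2>
<p>(constructed placeholder for the employee pay plan)</p>

<%-- The executive section is generated only on the server side for executives.
     It is never sent to other users, so there is nothing to un-hide in the browser. --%>
<% if (isExecutive) { %>
<h2>Executives</h2>
<p>(constructed placeholder for the executive pay plan)</p>
<% } %>

</body>
</html>
```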

Figure 8-1 shows the page when it is accessed by user gates or ellison (both in the employee role; see Listing 7.25). Figure 8-2 shows the page when it is accessed by user mcnealy (in the executive role). Remember that BASIC security ...
