
Security Requirements for Web Applications


Declaring Roles Using Deployment Descriptor Elements
An example of declaring roles referenced in an application using deployment descriptor
elements is shown in the following web.xml deployment descriptor snippet:
<servlet>
    ...
    <security-role-ref>
        <role-name>cust</role-name>
        <role-link>bankCustomer</role-link>
    </security-role-ref>
    ...
</servlet>
When you use the isUserInRole(String role) method, the String role is mapped to the role
name defined in the <role-name> element nested within the <security-role-ref> element.
The <role-link> element in the web.xml deployment descriptor must match a <role-name>
defined in the <security-role> element of the web.xml deployment descriptor, as shown here:
<security-role>
    <role-name>bankCustomer</role-name>
</security-role>
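The following is an added example (not code from the tutorial) that models how a container resolves the security-role-ref mapping above when isUserInRole is called, and flags a deployment-descriptor defect a reviewer should catch: a <role-link> that names no declared <security-role>. The web.xml text, the servlet name AccountServlet, and the "auditor"/"bankAuditor" reference are constructed for illustration.

```python
"""Resolve <security-role-ref> links in a web.xml the way a container does for
isUserInRole(), and report dangling links.  Added example; the descriptor is
constructed, not taken from a real deployment."""
import xml.etree.ElementTree as ET

# Constructed web.xml: the "cust" -> "bankCustomer" alias from the tutorial,
# plus a deliberately broken reference ("auditor" links to an undeclared role).
WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet>
    <servlet-name>AccountServlet</servlet-name>
    <servlet-class>example.AccountServlet</servlet-class>
    <security-role-ref>
      <role-name>cust</role-name>
      <role-link>bankCustomer</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>auditor</role-name>
      <role-link>bankAuditor</role-link>
    </security-role-ref>
  </servlet>
  <security-role>
    <role-name>bankCustomer</role-name>
  </security-role>
  <security-role>
    <role-name>bankAdmin</role-name>
  </security-role>
</web-app>
"""

NS = {"j": "http://java.sun.com/xml/ns/javaee"}


def parse_descriptor(xml_text):
    """Return (declared_roles, {servlet_name: {coded_role_name: role_link}})."""
    root = ET.fromstring(xml_text)
    declared = {
        r.findtext("j:role-name", namespaces=NS).strip()
        for r in root.findall("j:security-role", NS)
    }
    refs = {}
    for servlet in root.findall("j:servlet", NS):
        name = servlet.findtext("j:servlet-name", namespaces=NS).strip()
        links = {}
        for ref in servlet.findall("j:security-role-ref", NS):
            role_name = ref.findtext("j:role-name", namespaces=NS).strip()
            role_link = ref.findtext("j:role-link", namespaces=NS)
            # <role-link> is optional; without it the coded name is used as-is.
            links[role_name] = role_link.strip() if role_link else role_name
        refs[name] = links
    return declared, refs


def dangling_links(declared, refs):
    """Role-refs whose <role-link> names no declared <security-role>.
    Such a link can never match an authenticated user's roles, so code
    guarded by isUserInRole() with that name is silently unreachable."""
    return sorted(
        (servlet, role_name, link)
        for servlet, links in refs.items()
        for role_name, link in links.items()
        if link not in declared
    )


def is_user_in_role(refs, servlet, role, user_roles):
    """Model of HttpServletRequest.isUserInRole(): the role name written in
    the servlet code is translated through that servlet's role-refs (falling
    back to the literal name when no ref exists), then checked against the
    roles the authenticated user actually holds."""
    real_role = refs.get(servlet, {}).get(role, role)
    return real_role in user_roles


if __name__ == "__main__":
    declared, refs = parse_descriptor(WEB_XML)
    for servlet, role_name, link in dangling_links(declared, refs):
        print(f"{servlet}: role-ref '{role_name}' links to undeclared role '{link}'")
    print("cust for a bankCustomer:",
          is_user_in_role(refs, "AccountServlet", "cust", {"bankCustomer"}))
```

Run against a real web.xml by replacing WEB_XML with the file contents; any line the script prints is a descriptor inconsistency to fix before deployment, since the container will not reject it.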
Defining Security Requirements for Web Applications
Web applications are created by application developers who give, sell, or otherwise transfer the
application to an application deployer for installation into a runtime environment. Application
developers communicate how security is to be set up for the deployed application
declaratively by use of the deployment descriptor mechanism or programmatically by use of
annotations. When this information is passed on to the deployer, the deployer uses it
to define method permissions for security roles, set up user authentication, and decide
whether or not to use HTTPS for transport. If you don't define security requirements, the
deployer will have to determine the security requirements independently.
If you specify a value in an annotation, and then explicitly specify the same value in the
deployment descriptor, the value in the deployment descriptor overrides any values specified in
annotations. If a value for a method has not been specified in the deployment descriptor, and a
value has been specified for that method by means of the use of annotations, the value specified
in annotations will apply. The granularity of overriding is on the per-method basis.
The web application deployment descriptor may contain an attribute of full on the web-app
element. The full attribute defines whether the web application deployment descriptor is
complete, or whether the class files of the JAR file should be examined for annotations that
specify deployment information. When the full attribute is not specified, or is set to false, the
deployment descriptors examine the class files of applications for annotations that specify
The Java EE 5 Tutorial · September 2007