Using Deployment Descriptor


myCart.getTotal();
//....
}
}
//....
}
The @RunAs annotation is equivalent to the run-as element in the deployment descriptor.
Declaring Security Requirements in a Deployment Descriptor
Web applications are created by application developers who give, sell, or otherwise transfer the
application to an application deployer for installation into a runtime environment. Application
developers communicate how the security is to be set up for the deployed application
declaratively by use of the deployment descriptor mechanism. A deployment descriptor enables
an application's security structure, including roles, access control, and authentication
requirements, to be expressed in a form external to the application.
A web application is defined using a standard Java EE web.xml deployment descriptor. A
deployment descriptor is an XML schema document that conveys elements and configuration
information for web applications. The deployment descriptor must indicate which version of
the web application schema (2.4 or 2.5) it is using, and the elements specified within the
deployment descriptor must comply with the rules for processing that version of the
deployment descriptor. Version 2.5 of the Java Servlet Specification, which can be downloaded
at SRV.13, Deployment Descriptor (http://jcp.org/en/jsr/detail?id=154), contains more
information regarding the structure of deployment descriptors.
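An added example, not taken from the tutorial or the Servlet specification: a Python check a deployer could run over a web.xml to summarise the roles, protected URL patterns and authentication method it declares, and to flag inconsistencies. The sample descriptor, its role names and URL pattern, and the function names are constructed for illustration; the HTTP-method and transport checks go slightly beyond this page and rely on the standard http-method and transport-guarantee elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor for illustration; not the tutorial's listing.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SalesInfo</web-resource-name>
      <url-pattern>/salesinfo/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
      <role-name>auditor</role-name>
    </auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>manager</role-name></security-role>
</web-app>"""


def texts(node, name):
    """Text of every element under `node` called `name`, ignoring the XML namespace."""
    return [(e.text or "").strip() for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]


def audit_descriptor(xml_text):
    """Summarise the security a web.xml declares and list inconsistencies in it."""
    root = ET.fromstring(xml_text)
    declared = {r for sr in root if sr.tag.endswith("security-role") for r in texts(sr, "role-name")}
    auth_method = (texts(root, "auth-method") or [None])[0]
    protected, findings = [], []
    for sc in (c for c in root if c.tag.endswith("security-constraint")):
        patterns, methods = texts(sc, "url-pattern"), texts(sc, "http-method")
        roles = texts(sc, "role-name")  # role names listed in this constraint's auth-constraint
        protected.append((patterns, methods or ["ALL"], roles))
        for r in sorted(set(roles) - declared - {"*"}):
            findings.append(f"role '{r}' used for {patterns} but not declared in security-role")
        if methods:
            findings.append(f"{patterns} constrained only for {methods}; other HTTP methods are not covered")
        if roles and "CONFIDENTIAL" not in texts(sc, "transport-guarantee"):
            findings.append(f"{patterns} requires login but does not require CONFIDENTIAL transport")
    return {"roles": declared, "auth_method": auth_method, "protected": protected, "findings": findings}


if __name__ == "__main__":
    for line in audit_descriptor(SAMPLE_WEB_XML)["findings"]:
        print(line)
```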
The following code is an example of the elements in a deployment descriptor that apply
specifically to declaring security for web applications or for resources within web applications.
This example comes from section SRV.13.5.2, An Example of Security, from the Java Servlet
Specification 2.5.
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
        http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd"
    version="2.5">
    <display-name>A Secure Application</display-name>
    <!-- SERVLET -->
    <servlet>
        <servlet-name>catalog</servlet-name>
        <servlet-class>com.mycorp.CatalogServlet</servlet-class>
Defining Security Requirements for Web Applications
Chapter 30 · Securing Web Applications