Saturday 18 June 2011

Securing the Application

Back from holiday!!! Looking forward to finishing the project. Time for a security section.

I decided to implement basic form-based authentication, which appears to be the best way to authenticate users through a login form. It also lets me control the appearance of the login form, so that it fits the application it belongs to.

The next figure shows the authentication mechanism:

[Figure: form-based authentication diagram]

The main point here is the keyword j_security_check, which is the destination in the servlet container that handles authorization and authentication. The action attribute of the HTML form tag must have this value.

More information about form-based authentication is available in the Java EE 6 tutorial: http://download.oracle.com/javaee/6/tutorial/doc/gkbaa.html#bncbq
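As an added illustration (not code from the original post), here is the kind of login page the container redirects to. The file name login.xhtml is assumed; the action value j_security_check and the field names j_username and j_password are the ones the servlet container expects, so they must be used exactly as written:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html>
<!-- login.xhtml (file name assumed): the custom login page the container
     shows when an unauthenticated user requests a protected resource. -->
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Login</title>
  </head>
  <body>
    <!-- action must be exactly j_security_check (resolved relative to the
         protected request that triggered the login) and the form must POST -->
    <form method="post" action="j_security_check">
      <!-- j_username and j_password are the field names the container
           reads; renaming them silently breaks form-based authentication -->
      <label for="username">User name</label>
      <input type="text" id="username" name="j_username"/>

      <label for="password">Password</label>
      <input type="password" id="password" name="j_password"/>

      <input type="submit" value="Log in"/>
    </form>
  </body>
</html>
```

The container saves the original request, serves this page, validates the credentials posted to j_security_check against its realm, and on success replays the saved request; on failure it shows the configured error page. Because the flow depends on that saved request, the page is meant to be reached through a protected URL rather than linked to directly, and some containers reject a direct submission to j_security_check with an error.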

Moreover, I have to choose whether to implement security following a declarative paradigm or a programmatic paradigm.
  • With declarative security, all the security settings of the application (authentication requirements, roles, security controls...) are specified using annotations and/or deployment descriptors. Thus the security relies on the container for its management.
  • With programmatic security, the security is managed directly by the entities, classes, servlets and page views. In other words, it is integrated inside the application.
Intuitively I will follow the first approach.
