There are 3 types of Security in Web Applications:
1. Transport layer security - TLS
2. Message layer security - SOAP
3. Application layer security:
   a) Container managed in J2EE
   b) Independent of the container in Spring MVC. Handled by AOP.
In J2EE, application layer security is handled by the containers. That is, the web container has the code to verify the security aspects of the request and, upon verification, lets it access the servlets. Before the request is dispatched to an EJB bean, the EJB container has the code to verify that the requester has sufficient privileges [authorization] to access the beans and, upon verification, lets it access the EJB beans to process business logic.
Spring MVC:
In Spring MVC, the containers do not handle the security mechanism. It is handled separately by another "class" as an aspect [AOP]. The containers have no code to verify the requester's access.
The Spring Security class/handler has an XML file [just like the IoC container has an XML file] configured in web.xml. The Spring Security class then processes the authentication/authorization of the requester via a chain of various filters/interceptors. Hence, the security mechanism is independent of the container. As with AOP, the security code can be injected anywhere.
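The two approaches described above, side by side as web.xml fragments. This is an added example, not configuration from the original post; the URL pattern, role name, page names and the /WEB-INF/spring-security.xml path are hypothetical.

```xml
<!-- Two ALTERNATIVE web.xml fragments (constructed example, not one file). -->

<!-- (a) Container managed: the web container itself enforces the rule. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>admin-area</web-resource-name>  <!-- hypothetical name -->
    <url-pattern>/admin/*</url-pattern>                <!-- hypothetical path -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>ADMIN</role-name>                       <!-- hypothetical role -->
  </auth-constraint>
  <user-data-constraint>
    <!-- Transport layer: the container redirects plain HTTP to TLS. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>       <!-- hypothetical page -->
    <form-error-page>/login-error.jsp</form-error-page> <!-- hypothetical page -->
  </form-login-config>
</login-config>
<security-role>
  <role-name>ADMIN</role-name>
</security-role>

<!-- (b) Spring Security: web.xml only registers a servlet filter. The
     authentication/authorization rules live in a Spring XML file, and the
     container has no knowledge of them. -->
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>/WEB-INF/spring-security.xml</param-value> <!-- hypothetical path -->
</context-param>
<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
  <!-- The name must match the filter chain bean that Spring Security registers. -->
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```

Mapping the filter to `/*` sends every request through the Spring Security chain before it reaches a servlet; a narrower pattern leaves the remaining URLs outside the chain entirely.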