hello.jsp 2.5 KB

<%@ include file="/WEB-INF/jsp/include.jsp" %>
<html>
<head><title>Contacts Security Demo</title></head>
<body>
<h1>Contacts Security Demo</h1>
<p>Contacts demonstrates the following central Spring Security capabilities:
<ul>
<li><b>Role-based security</b>. Each principal is a member of certain roles,
which are used to restrict access to certain secure objects.</li>
<li><b>Domain object instance security</b>. The <code>Contact</code>, the
main domain object in the application, has an access control list (ACL)
that indicates who is allowed to read, administer and delete the object.</li>
<li><b>Method invocation security</b>. The <code>ContactManager</code> service
layer bean has a number of secured (protected) and public (unprotected)
methods.</li>
<li><b>Web request security</b>. The <code>/secure</code> URI path is protected
by Spring Security from principals not holding the
<code>ROLE_USER</code> granted authority.</li>
<li><b>Security unaware application objects</b>. None of the objects
are aware of the security being implemented by Spring Security. *</li>
<li><b>Security taglib usage</b>. All of the JSPs use Spring Security's
taglib to evaluate security information. *</li>
<li><b>Fully declarative security</b>. Every capability is configured in
the application context using standard Spring Security classes. *</li>
<li><b>Database-sourced security data</b>. All of the user, role and ACL
information is obtained from an in-memory JDBC-compliant database.</li>
<li><b>Integrated form-based and BASIC authentication</b>. Any BASIC
authentication header is detected and used for authentication. Normal
interactive form-based authentication is used by default.</li>
<li><b>Remember-me services</b>. Spring Security's pluggable remember-me
strategy is demonstrated, with a corresponding checkbox on the login form.</li>
</ul>
* As the application provides an "ACL Administration" use case, those
classes are necessarily aware of security. But no business use cases are.
<p>Please excuse the lack of look 'n' feel polish in this application.
It is about security, after all! :-)
<p>To demonstrate a public method on <code>ContactManager</code>,
here's a random <code>Contact</code>:
<p>
<code>
<c:out value="${contact}"/>
</code>
<p>Get started by clicking "Manage"...
<p><a href="<c:url value="secure/index.htm"/>">Manage</a>
<a href="<c:url value="secure/debug.jsp"/>">Debug</a>
<a href="<c:url value="./frames.htm"/>">Frames</a>
</body>
</html>
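
The declarative configuration that the capability list above describes, sketched as an added example: this is not the Contacts sample's own application context. It assumes the Spring Security XML namespace, a `dataSource` bean defined elsewhere, and a placeholder remember-me key.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example; bean names and the remember-me key are assumptions. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Method invocation security: enforce @Secured on service-layer
         beans, so the JSPs and controllers stay unaware of security. -->
    <global-method-security secured-annotations="enabled"/>

    <!-- use-expressions="false" keeps plain role names valid in "access". -->
    <http use-expressions="false">
        <!-- Web request security. Patterns are matched in order and the
             first match wins, so the restrictive rule must come first. -->
        <intercept-url pattern="/secure/**" access="ROLE_USER"/>
        <!-- The welcome page and its public Contact stay reachable
             without a login. -->
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

        <!-- Interactive form login by default; a BASIC Authorization
             header is honoured when the client sends one. -->
        <form-login/>
        <http-basic/>

        <!-- Remember-me cookie. The key is a placeholder: use a
             deployment-specific secret, not a value from source control. -->
        <remember-me key="REPLACE-WITH-DEPLOYMENT-SECRET"/>
        <logout/>
    </http>

    <!-- Database-sourced security data: users and authorities are read
         over JDBC from the assumed "dataSource" bean. -->
    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"/>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
```

If the two `intercept-url` rules were swapped, the `/**` pattern would match every request first and `/secure` would be served to anonymous users.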