So far, we have seen declarative syntax for specifying security constraints; that is, by specifying <security-constraint>
in web.xml
. However, security constraints can also be specified using Java annotations, specifically for servlets. In this section, we will create AdminServlet
and secure it with annotations. Follow the steps in the previous section to import the CourseManagementJDBC
project from Chapter09
, but rename it CourseManagementJDBC-SecureAnnotations
, and import it into the workspace. Then, add only <login-config>
in web.xml
, but do not specify <security-constraint>
:
<login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/login-error.jsp</form-error-page> </form-login-config> </login-config>
Make sure you have copied login.jsp
and login-error.jsp
, as described in the...