Listing 8.2 presents a JSP page that augments the internal Web site for hot-dot-com.com introduced in Section 7.4. The page shows plans for employee pay. Because of entries in web.xml (Listing 8.3), the page can be accessed only by users in the employee or executive roles. Although both groups can access the page, they see substantially different results: the planned pay scales for executives are hidden from normal employees, and because the check is made on the server (request.isUserInRole), the hidden section is never sent to the browser at all.
Figure 8-1 shows the page when it is accessed by user gates or ellison (both in the employee role; see Listing 7.25). Figure 8-2 shows the page when it is accessed by user mcnealy (in the executive role). Remember that BASIC security provides no simple mechanism for changing your username once you are validated (see Section 7.3). So, for example, switching from user gates to user mcnealy requires you to quit and restart your browser.
Listing 8.2 employee-pay.jsp

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML>
    <HEAD>
    <TITLE>Compensation Plans</TITLE>
    <LINK REL=STYLESHEET HREF="company-styles.css" TYPE="text/css">
    </HEAD>

    <BODY>
    <TABLE BORDER=5 ALIGN="CENTER">
      <TR><TH CLASS="TITLE">Compensation Plans</TABLE>
    <P>
    Due to temporary financial difficulties, we are scaling back
    our very generous plans for salary increases. Don't worry, though:
    your valuable stock options more than compensate for any small
    drops in direct salary.

    <H3>Regular Employees</H3>
    Pay for median-level employee (Master's degree, eight years' experience):
    <UL>
      <LI><B>2002:</B> $50,000.
      <LI><B>2003:</B> $30,000.
      <LI><B>2004:</B> $25,000.
      <LI><B>2005:</B> $20,000.
    </UL>

    <% if (request.isUserInRole("executive")) { %>
    <H3>Executives</H3>
    Median pay for corporate executives:
    <UL>
      <LI><B>2002:</B> $500,000.
      <LI><B>2003:</B> $600,000.
      <LI><B>2004:</B> $700,000.
      <LI><B>2005:</B> $800,000.
    </UL>
    <% } %>

    </BODY>
    </HTML>
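The same combination of declarative and programmatic security can be written as a servlet, which makes the rendering policy easier to review than scriptlet code scattered through HTML. The class below is an added example, not the book's code: the class name is hypothetical, the package hotdotcom and the role names employee and executive are taken from Listing 8.3, and the URL the servlet is mapped to is assumed to be covered by a security-constraint like the "Compensation Plan" one in web.xml.

```java
package hotdotcom;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet equivalent of employee-pay.jsp (Listing 8.2). Hypothetical example,
 * not from the book. Declarative security in web.xml decides who may reach
 * the URL at all; the code here decides which sections an admitted user sees.
 */
public class CompensationPlanServlet extends HttpServlet {

  // Role names exactly as they appear in the auth-constraint elements of web.xml.
  static final String ROLE_EMPLOYEE = "employee";
  static final String ROLE_EXECUTIVE = "executive";

  /**
   * Rendering policy, kept apart from HTML output so it can be reviewed (or
   * unit-tested with a mock request) on its own. isUserInRole returns false
   * for an unauthenticated request, so a missing principal yields "show
   * nothing", never the employee view.
   */
  static boolean showsEmployeeSection(HttpServletRequest request) {
    return request.getUserPrincipal() != null
        && (request.isUserInRole(ROLE_EMPLOYEE) || request.isUserInRole(ROLE_EXECUTIVE));
  }

  static boolean showsExecutiveSection(HttpServletRequest request) {
    return request.getUserPrincipal() != null && request.isUserInRole(ROLE_EXECUTIVE);
  }

  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    // Fail closed. The container's security-constraint should already have
    // rejected anonymous users; if that entry is ever edited away, this check
    // keeps the page from quietly becoming public.
    if (!showsEmployeeSection(request)) {
      response.sendError(HttpServletResponse.SC_FORBIDDEN);
      return;
    }
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">");
    out.println("<HTML><HEAD><TITLE>Compensation Plans</TITLE></HEAD><BODY>");
    out.println("<H3>Regular Employees</H3>");
    out.println("Pay for median-level employee (Master's degree, eight years' experience):");
    printPayList(out, new String[] {"2002", "2003", "2004", "2005"},
                 new String[] {"$50,000", "$30,000", "$25,000", "$20,000"});
    // The executive section is left out of the response entirely rather than
    // hidden client-side, so an employee cannot recover it from the page source.
    if (showsExecutiveSection(request)) {
      out.println("<H3>Executives</H3>");
      out.println("Median pay for corporate executives:");
      printPayList(out, new String[] {"2002", "2003", "2004", "2005"},
                   new String[] {"$500,000", "$600,000", "$700,000", "$800,000"});
    }
    out.println("</BODY></HTML>");
  }

  /** Writes one year/amount list in the same layout as the JSP page. */
  private static void printPayList(PrintWriter out, String[] years, String[] amounts) {
    out.println("<UL>");
    for (int i = 0; i < years.length; i++) {
      out.println("  <LI><B>" + years[i] + ":</B> " + amounts[i] + ".");
    }
    out.println("</UL>");
  }
}
```

Two details matter when reusing this pattern: the string passed to isUserInRole must match a role name the container knows (either one used in an auth-constraint, as here, or one mapped through a security-role-ref element), and isUserInRole is always false for a request that carries no authenticated user, so programmatic checks alone never admit anyone; they only narrow what an already-authenticated user sees.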
Listing 8.3 web.xml

    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE web-app
      PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
      "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

    <web-app>
      <!-- A servlet that redirects users to the home page. -->
      <servlet>
        <servlet-name>Redirector</servlet-name>
        <servlet-class>hotdotcom.RedirectorServlet</servlet-class>
      </servlet>

      <!-- Turn off invoker. Send requests to index.jsp. -->
      <servlet-mapping>
        <servlet-name>Redirector</servlet-name>
        <url-pattern>/servlet/*</url-pattern>
      </servlet-mapping>

      <!-- If URL gives a directory but no filename, try index.jsp
           first and index.html second. If neither is found, the
           result is server specific (e.g., a directory listing). -->
      <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>index.html</welcome-file>
      </welcome-file-list>

      <!-- Protect financial plan. Employees or executives. -->
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Financial Plan</web-resource-name>
          <url-pattern>/financial-plan.html</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>employee</role-name>
          <role-name>executive</role-name>
        </auth-constraint>
      </security-constraint>

      <!-- Protect business plan. Executives only. -->
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Business Plan</web-resource-name>
          <url-pattern>/business-plan.html</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>executive</role-name>
        </auth-constraint>
      </security-constraint>

      <!-- Protect compensation plan. Employees or executives. -->
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Compensation Plan</web-resource-name>
          <url-pattern>/employee-pay.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>employee</role-name>
          <role-name>executive</role-name>
        </auth-constraint>
      </security-constraint>

      <!-- Tell the server to use BASIC authentication. -->
      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Intranet</realm-name>
      </login-config>
    </web-app>