This week covers advanced aspects of webapp development. They include declarative security, filters and dynamic scheduling, listeners and the webapp life-cycle, and design patterns.

• Why: Authentication and encryption without programming.
• What: Designate pages that must be secured.
• How: Define roles and users in conf/tomcat-users.xml; select the needed security and the URLs to secure in web.xml.
• Example: add a login to an existing webapp

• Why: Refactor the webapp without recompiling
• What: Intercept the flow anywhere between the client, the servlets, and the JSPs on the way in or out.
• How: Designate the interception points in web.xml; implement Filter; read and optionally modify the request or response; continue down the pipeline or abort.
• Example: add a new validation; support a new protocol; log; compress; etc.

• Why: Authentication and encryption without programming.

• See the web_security.xml file in the Resource Directory under jee.
• See the web_filter.xml file and PrimeFilter.java“ in the Resource Directory under jee. Look at the labtest directory in the Resource Directory. * Look at CUSTdemo in the Resource Directory under jsp. * Read Chapter 6 up to and excluding Section 6.7. * Read Chapter 8, Section 8.6 and 8.7.