120 CHAPTER 5 PERMUTATIONS PATTERN

The generic URL approach with specific content selected by authentication is promoted by web application frameworks because it is easy to implement. Web technologies are not constructed to process URLs in a manner more appropriate for Ajax applications. Without going into a deep URL design discussion, let's illustrate the problem by considering how to implement the home pages of individual users by using the tilde character. When using Apache on the Linux operating system, the tilde character combined with the identifier cgross maps to the directory /home/cgross/public_html. If the user maryjane existed, the mapping would be /home/maryjane/public_html. These two individuals have two separate mappings.

Now imagine you are building a web application and you want cgross and maryjane to have identical default pages that are implemented by the ASP.NET page default.aspx. To achieve the goal, you would have to copy the ASP.NET page to both directories, /home/cgross/public_html and /home/maryjane/public_html. The default.aspx page has to be copied because the URLs /~cgross and /~maryjane are two distinct URLs, even though the default page functionalities are identical. Current web technologies cannot cope with such a scenario. Therefore, current web technologies take the other approach and say you have a common URL that is specialized by using authentication, as illustrated in Figure 5-8.

Figure 5-8. Associating a bank account with a user

Figure 5-8 shows the JSP page /app/bankaccount.jsp. If either maryjane or cgross wanted to access their bank account, each would perform a login, and an HTTP cookie would be associated with each login. Then both cgross and maryjane would access their bank account information from the same URL. This is a bad way of designing a URL for the following reasons:

• A user can use only one data set, because there is no way for a super user to exist. For example, if resource-based URLs were used, a user could be authenticated once but be able to access multiple resources.

• Security is put into the hands of the web application developer. To ensure that only authorized people are allowed access to certain pieces of information, the web application developer has to add barriers. The barriers are written into the web application, which all too often results in security problems. HTTP security is well known, well defined, and stable, and those who manage it (administrators) are well aware of any security holes. Programmers, although capable and intelligent, are not security specialists.
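As an added illustration of the two designs just contrasted (this is not code from the book), the following Python sketch models both: a generic URL whose data set is chosen only by the login cookie, and a resource-based URL where the owner is named in the path and an explicit authorization rule (the developer-written barrier the text warns about) decides access. The user roles, account data and cookie values are constructed sample data.

```python
# Added example, not from the book. All users, accounts and session cookies
# below are constructed sample data used to contrast the two URL designs.

USERS = {"cgross": "user", "maryjane": "user", "auditor": "superuser"}
ACCOUNTS = {"cgross": "balance 100", "maryjane": "balance 250"}
SESSIONS = {"cookie-1": "cgross", "cookie-2": "maryjane", "cookie-3": "auditor"}


def generic_url(cookie):
    """Model of /app/bankaccount.jsp: one URL for everybody.

    The data set is chosen solely by who the cookie says is logged in, so a
    user can ever reach exactly one data set. A super user such as the auditor
    has no account of their own and therefore gets nothing at this URL.
    Returns (status, body).
    """
    user = SESSIONS.get(cookie)
    if user is None:
        return 401, None                      # not authenticated
    if user not in ACCOUNTS:
        return 404, None                      # nothing to specialize into
    return 200, ACCOUNTS[user]


def resource_url(path, cookie):
    """Model of a resource-based URL such as /accounts/<owner>.

    The URL names the resource, authentication says who is asking, and an
    authorization rule decides whether that caller may see that resource.
    The rule lives in application code: this is the barrier the text says
    developers must write themselves. Returns (status, body).
    """
    user = SESSIONS.get(cookie)
    if user is None:
        return 401, None
    prefix = "/accounts/"
    if not path.startswith(prefix):
        return 404, None
    owner = path[len(prefix):]
    if owner not in ACCOUNTS:
        return 404, None
    # Owners see their own account; a super user may see any account.
    if user != owner and USERS.get(user) != "superuser":
        return 403, None                      # authenticated but not authorized
    return 200, ACCOUNTS[owner]
```

Removing the role check in resource_url would silently turn the 403 cases into 200 responses, which is exactly the kind of application-level mistake the text attributes to developer-written barriers.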