Prentice Hall and Sun Microsystems. Personal use only; do not redistribute.

4.5 Restricting Access to Web Pages

107

Figure 4 3

Since the Windows version of Internet Explorer 5.0 supports gzip, this 

page was sent gzipped over the network and reconstituted by the browser, resulting in a 

large saving in download time.

4.5 Restricting Access to Web 

Pages

Many Web servers support standard mechanisms for limiting access to desig 

nated Web pages. These mechanisms can apply to static pages as well as

those generated by servlets, so many authors use their server specific mecha 

nisms for restricting access to servlets. Furthermore, most users at e com 

merce sites prefer to use regular HTML forms to provide authorization

information since these forms are more familiar, can provide more explana 

tory information, and can ask for additional information beyond just a user 

name and password. Once a servlet that uses form based access grants initial

access to a user, it would use session tracking to give the user access to other

pages that require the same level of authorization. See Chapter 9 (Session

Tracking) for more information.

Nevertheless, form based access control requires more effort on the part

of the servlet developer, and HTTP based authorization is sufficient for many

simple applications. Here's a summary of the steps involved for  basic  autho 

rization. There is also a slightly better variation called  digest  authorization,

but among the major browsers, only Internet Explorer supports it.

Second edition of this book: www.coreservlets.com; Sequel: www.moreservlets.com.

Servlet and JSP training courses by book's author: courses.coreservlets.com.