With Resin 4.0’s WebBeans support, we can finally modularize and cleanup features like security, JMS, clustering and remoting. Since the WebBeans-style XML configuration selects a component based on package and classname, our XML configuration for security exactly matches our classes. For example, <sec:IfNetwork> is com.caucho.security.IfNetwork. Our JavaDoc can even serve as XML documentation and as Emil’s post shows, we can enable Eclipse to display those tags automatically.

JavaDoc is available for com.caucho.security, as well as documentation for Resin 4.0 security.

Since examples make configuration clearer, I’ve put together three typical security configurations:

• IP address protection: restricting admin pages to the local network
• Hiding pages from all browsers, like WEB-INF
• HTTP basic authentication for quick and dirty password protection

(more…)