Hi folks,
In the JSP model with a servlet receiving the
request, instantiating a bean and returning it to a JSP (model II?), where is
the best/proper place to do access control validation? Say I have a
servlet that uses a bean to access a page in a database. The servlet
receives information to authenticate in the request- assume its just a userid
and a password. Should I have the servlet authenticate the userid and
password before instantiating the bean, or should I pass the info to the bean
and have it authenticate before it calls the database? Does it matter
w.r.t. security, and is there a proper place to do this?
Thanks!
-Richard
