{scrollbar}

Protecting URLs

If one attempted to differentiate between web resource authorization and domain object authorization, one could say that web resource authorization is more coarse-grained. It protects web resources, all of which are uniquely identified by a URL. URLs can point to static resources like images or they can point to dynamic resources such as the pages of a web application. Web resource authorization, as used in this document, deals with the latter. Web security is referred to as coarse-grained since web resource authorization doesn't enforce security on methods or even instances that are involved in dynamically creating a web page. That's not to say that one can't have finer grain control using domain object authorization--it's just that web resource authorization is the first security gate through which a user must pass.

...