Java EE Security: annotations vs deployment descriptor
https://stackoverflow.com/questions/9282983
-
29-04-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a question regarding Java EE security best practices. What are the advantages and disadvantages of using either annotations or a deployment descriptor to define Security for a web application? Are there cases where you favor one over the other?
Thank you in advance :)
Solution
Using annotations is elegant (you do not require additional XML files) but requires to recompile your code every time you made a change.
OTHER TIPS
Well, it is mater of fashion. Some years ago there was massive movement "to sepearate application instrumentation from the programming" (you can read, for example, spec of EJB, where there is special role for this even, this person is not have to be even programmer). In this way use of XML was indorsed (instead of plain txt file or property files). And than annotations bring back those XML file to the code. I think it is due the mass in Spring framework. It was really hard to configure application (there was no good way to "debug" your configuration). Using annotation is "lightweight" way to make configuration. In simple scenarios you can skip defining relationships between your components, because they can be inferred from you code elements.
