& Nbsp; controlling client access is an issue that developers must consider when developing a BS-based system. The configuration file-based security policy defined by JSP or SERVLET controls resources in a file, that is, only a certain view can be defined and all cannot be accessed. A complex system usually requires access control for a part of the view (such as a button in the JSP page), and only allows access by users of a certain role. If
Control client access is developed based onB/SThe architecture of the system developers must consider.JSPOrSERVLETThe standard configuration file-based security policy controls resources in a file, that is, only a certain view can be defined and all cannot be accessed. A complex system usually requires a part of the view (for exampleJSPA button in the page. If a programmable security policy is adopted, because the definition of user roles and operations cannot be defined during development, and this policy increases the workload of programmers, it may not be a good solution.