• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

using the j_security_check in production?

 
Ranch Hand
Posts: 31
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi there

i'm prepering myself for the SCWCD exam and trying to create a "real" website with DB, members and etc.

i used the FORM method for login and the j_security check but got some Q the made me think it over? is it really being used in production???

it looks like it gives the developer an easy way to config his security area BUT it actually take the flexibility away!!!

for example:

1. if a user wants to login (just by clicking on login) without going into a security area first. we will probably need to redirect the link to a secure area to trigger the j_security_check and then to jump back to the page. is it a right way???

2. if the user wants to go to a secure page and triggers the login page. what happens if the username and pass are correct but the role is not enough for the page he requested? he will get a 403 error page. i made an error page for the 403 error and the error goes to the error page and then continue and show the user another 403 error page(at the urlline i see that the j_security_check took it over again after the error page was executed).

$$$$ is it not easier to make everything without the j_security_check. just making one DB table with username, pass and role???

can someone tell me if the j_security_check is really used in production? or is it just an option that nobody uses???

thanks and have a great day

dror
 
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
From what I've seen, j_security is the most common method. In fact, I think the bigger the application, the more likely it is used. In an enterprise application, the entire thing is usually a secured resource. What you described in part 1 sounds more like a website with some dynamic content.

For a dynamic website you're right, FORM-based security might not be the best option. There's also a good chance that J2EE isn't the best option either.
 
Ranch Hand
Posts: 1026
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


There's also a good chance that J2EE isn't the best option either.





Care to explain marc.
 
reply
    Bookmark Topic Watch Topic
  • New Topic