Beginner- Login

Karthik Rajendiran
Ranch Hand

Joined: Aug 13, 2004
Posts: 211
Hello Friends, Gurus of Java,

I would like to implement login functionality with authorization in Java.

I have tried Tomcat's basic and form-based authentication, where security is based on tomcat-users.xml.

But how do I do authentication based on DB, LDAP things?
Where should I start?
What tools should I use?

In our project, we long back have SSO functionality using CAS.

I would like to learn and implement from scratch and keep it as a reusable template.


Can anyone shed some light on how and from where to start?

Regards


SCJP 1.4 SCWCD 1.4 SCDJWS 1.4
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42289
If your requirements are simple you may not need to do much of anything. Tomcat has other authentication options besides the XML file, e.g. accessing a DB, LDAP or JAAS. Check out the Tomcat realm documentation for further details.


Ping & DNS - my free Android networking tools app
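
A database-backed realm of the kind the reply above points to, as an added example that is not part of the original thread or taken from the Tomcat documentation. It assumes Tomcat 8.5 or later; the table, column, JNDI, host and account names are hypothetical placeholders.

```xml
<!-- META-INF/context.xml: added illustration, assumes Tomcat 8.5 or later.
     Table, column, JNDI, host and account names are hypothetical. -->
<Context>
  <!-- Connection pool used only for authentication lookups.
       Give this account SELECT on the two tables below and nothing else. -->
  <Resource name="jdbc/authDB" auth="Container" type="javax.sql.DataSource"
            driverClassName="org.postgresql.Driver"
            url="jdbc:postgresql://db.example.internal:5432/appauth"
            username="tomcat_auth_ro" password="CHANGE_ME"
            maxTotal="8" maxIdle="2"/>

  <!-- LockOutRealm wraps the real realm and slows password guessing:
       after failureCount bad attempts the user is locked for lockOutTime seconds. -->
  <Realm className="org.apache.catalina.realm.LockOutRealm"
         failureCount="5" lockOutTime="300">

    <!-- Replaces tomcat-users.xml: users and roles come from the database.
         users(user_name, user_pass)   user_roles(user_name, role_name) -->
    <Realm className="org.apache.catalina.realm.DataSourceRealm"
           dataSourceName="jdbc/authDB" localDataSource="true"
           userTable="users" userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name">

      <!-- Without a CredentialHandler the realm compares user_pass as plain text.
           With this one, user_pass must hold salted PBKDF2 output in the
           handler's stored format. -->
      <CredentialHandler
          className="org.apache.catalina.realm.SecretKeyCredentialHandler"
          algorithm="PBKDF2WithHmacSHA512"
          iterations="100000" saltLength="16" keyLength="256"/>
    </Realm>
  </Realm>
</Context>
```

The `security-constraint` and `login-config` entries in web.xml used with tomcat-users.xml stay as they are, because only the credential store changes. For LDAP, a `JNDIRealm` takes the place of the inner `DataSourceRealm`.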
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
I saw a bunch, and I mean a bunch, of login / authentication stuff already built and available on the Sun site.

Java Authentication and Authorization Service (JAAS)
Karthik Rajendiran
Ranch Hand

Joined: Aug 13, 2004
Posts: 211
Thank you very much, ranchers. Will look into that and post.
Karthik Rajendiran
Ranch Hand

Joined: Aug 13, 2004
Posts: 211
Hello Friends,

Is using a realm a best practice?

I have seen in one application, where they have just a normal Struts action to submit the login form,

The authentication part is done in a filter for that action, with a DB.
Which one is the best practice?

For SSO,
What is the best practice to follow for SSO? I mean, which API or tool should I use for it?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42289
There is no best practice, really. It depends a whole lot on the requirements of your application. Some applications need more functionality than realms provide; in that case you need to roll your own.

Struts in particular needs to make do with what the Servlet API provides. That rules out using realms (which are a Tomcat-only thing).
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
Best practice is to make an Interlock. A grid, no matter how minor such that the system will continue to function in a reliable manner with 20% of the system broken, often this lattice brings Trust, Logging, Training, Observation and Rollback. Risk/Reward must be given some place in the analysis matrix, logon authentication is complexified by the fact that people will stickum the password on the front of the monitor.

One would not do that with keys to a storage shed.