• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Petstore authentication

 
Ranch Hand
Posts: 215
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Pet store app does not use any web based authentication i.e form based etc and instead uses application level authetication based on DB.
My question is that, in form based authentication, web container sends security context (user/role etc) with every request.
How is it done if I use application level authentication? Hidden fields on each page? I am not clear.
Also why couldn't form based authentication used with DB realm? What is the advantage of using application level authentication?

I found this good link
authentication and authorization
but my questions are not answered.
[ September 09, 2004: Message edited by: D. Rose ]
 
D. Rose
Ranch Hand
Posts: 215
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK. I got one of the answers from some petstore documentation.

Because the authentication mechanism is implemented as a filter component, it can be easily reused in other applications. JFC/Swing clients deployed using Java Web Start.



using web tier authentication would have meant separate authentication for other type of clients.

For my other questions, is it OK to store security context in session while using application based authentication? SignOn manager is SLSB.
 
D. Rose
Ranch Hand
Posts: 215
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK, I have got my 2nd answer as well. After taking a look at petstore code, I figured out that user info is being stored in session.
 
reply
    Bookmark Topic Watch Topic
  • New Topic