
Container managed security

 
Saha Kumar
Ranch Hand
Posts: 218
Hello,

I want to use container-managed security for authentication and authorization. I have read the correspondence from this group on the subject. My question is: once the customer has entered the userid/password and been authenticated, how can I store the customer profile in the customer's HTTP session? For example, the RDB realm in Tomcat does not have access to the HTTP session of a given user. I want to at least be able to store some kind of id which identifies the user in the user's session.

Thanks.

Saha
 
s khosa
Ranch Hand
Posts: 72
Could you please provide some more details about your application setup? Are you not using servlets on Tomcat?

Thanks
 
Chandra Sagi
Ranch Hand
Posts: 162
If you do not have a session, then the other ways would be hidden variables, cookies and URL rewriting. These three methods are insecure, though. You could write some code to encode the password while storing it as a cookie or sending it across pages as hidden variables and also in URL rewriting. This may not be a good idea in big applications.

Cheers
Chandu
 
Saha Kumar
Ranch Hand
Posts: 218
Thanks for the replies. I am using form-based login and Tomcat. I just thought of a way: once the customer has been authenticated, to get the customer profile data I can use request.getUserPrincipal() to get the user name and then use it to look up the customer's profile data.

Many thanks.
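
The approach from the last post, as an added example that is not part of the original thread: a servlet filter that reads the container-authenticated principal and caches the profile in the HTTP session. `ProfileFilter`, `CustomerProfile`, `loadProfile` and the `customerProfile` attribute name are hypothetical, and the `javax.servlet` namespace is assumed.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;

/** Loads the customer profile once per authenticated session. */
public class ProfileFilter implements Filter {
    static final String ATTR = "customerProfile"; // hypothetical session key

    /** Hypothetical profile type; a real one would hold more fields. */
    public static final class CustomerProfile implements Serializable {
        final String userName;
        CustomerProfile(String userName) { this.userName = userName; }
    }

    /** Hypothetical lookup; replace with a query keyed on the user name. */
    static CustomerProfile loadProfile(String userName) {
        return new CustomerProfile(userName);
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        // Set by the container after login; never take the id from a parameter.
        Principal user = req.getUserPrincipal();
        if (user != null) {
            HttpSession session = req.getSession();
            CustomerProfile p = (CustomerProfile) session.getAttribute(ATTR);
            // Reload if missing or if the session now belongs to another user.
            if (p == null || !p.userName.equals(user.getName())) {
                session.setAttribute(ATTR, loadProfile(user.getName()));
            }
        }
        chain.doFilter(rq, rs);
    }
}
```

Map the filter to the same URL patterns as the security constraint in web.xml, so that it only runs on requests the container has already authenticated.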
 