
Container managed security

 
Ranch Hand
Posts: 218
Hello,

I want to use container-managed security for authentication and authorization. I have read the correspondence from this group on the subject. My question is: once the customer has entered the userid/password and been authenticated, how can I store the customer profile in the customer's HTTP session? For example, the RDB realm in Tomcat does not have access to the HTTP session of a given user. I want to at least be able to store some kind of id which identifies the user in the user's session.

Thanks.

Saha
 
Ranch Hand
Posts: 72
Could you please provide some more details about your application setup? Are you not using servlets on Tomcat?

Thanks
 
Ranch Hand
Posts: 162
If you do not have a Session, then other ways would be to use hidden variables, cookies and URL rewriting. These three methods are insecure though. You could write some code to encode the password while storing it as a cookie or sending it across pages as hidden variables and also in URL rewriting. This may not be a good idea in big applications.

Cheers
Chandu
 
Saha Kumar
Ranch Hand
Posts: 218
Thanks for the replies. I am using form-based login and Tomcat. I just thought of a way... once the customer has been authenticated, to get the customer profile data, I can use: request.getUserPrincipal() to get the user name and then use it to look up the customer's profile data.

Many thanks.
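
The approach from the last post, as an added example that is not part of the original thread: a servlet filter that reads `request.getUserPrincipal()` after the container has authenticated the user and caches the profile in that user's session. The class name, the `customerProfile` attribute name, the `CustomerProfile` type and the `loadProfile` lookup are all hypothetical; the filter is assumed to be mapped to the protected URL patterns.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical filter: caches the authenticated customer's profile in the session. */
public class CustomerProfileFilter implements Filter {
    static final String ATTR = "customerProfile"; // hypothetical attribute name

    /** Hypothetical profile type; it holds no password or other credential. */
    public static final class CustomerProfile implements Serializable {
        private static final long serialVersionUID = 1L;
        final String userName;
        final String displayName;
        CustomerProfile(String userName, String displayName) {
            this.userName = userName;
            this.displayName = displayName;
        }
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        Principal user = http.getUserPrincipal(); // null until the container has authenticated
        if (user != null) {
            HttpSession session = http.getSession();
            CustomerProfile cached = (CustomerProfile) session.getAttribute(ATTR);
            // Reload if nothing is cached or the cached profile belongs to another principal.
            if (cached == null || !cached.userName.equals(user.getName())) {
                session.setAttribute(ATTR, loadProfile(user.getName()));
            }
        }
        chain.doFilter(req, res);
    }

    /** Placeholder lookup (assumption): a real one would query the customer table by user name. */
    private CustomerProfile loadProfile(String userName) {
        return new CustomerProfile(userName, "Customer " + userName);
    }
}
```

The identity always comes from the container's principal, never from a request parameter or cookie, so the cached profile cannot be switched to another customer by the client.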
 