
Container managed security

Saha Kumar
Ranch Hand

Joined: Feb 23, 2006
Posts: 218

I want to use container-managed security for authentication and authorization. I have read the correspondence from this group on the subject. My question is once the customer has entered the userid/password and been authenticated, how can I store the customer profile in the customer's HTTP session? For example, the RDB realm in Tomcat does not have access to the HTTP session of a given user. I want to at least be able to store some kind of id which identifies the user in the user's session.


s khosa
Ranch Hand

Joined: May 15, 2003
Posts: 72
Could you please provide some more details about your application setup? Are you not using servlets on Tomcat?

Chandra Sagi
Ranch Hand

Joined: May 05, 2005
Posts: 162
If you are not having Session, then other ways would be to have hidden variables, cookies and URL rewriting. These three methods are unsecure though. You could write some code to encode the password while storing it as a cookie or sending it across pages as hidden variables and also in URL rewriting. This may not be a good idea in big applications.

Saha Kumar
Ranch Hand

Joined: Feb 23, 2006
Posts: 218
Thanks for the replies. I am using form-based login and Tomcat. I just thought of a way...once the customer has been authenticated, to get the customer profile data, I can use: request.getUserPrincipal() to get the user name and then use it to look up the customer's profile data.

Many thanks.
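
The approach in the last post, as an added example that is not part of the original thread: a servlet filter that reads the identity from request.getUserPrincipal() after form-based login and caches the profile in the HTTP session. ProfileStore, the "profileStore" context attribute and the session attribute names are hypothetical; the javax.servlet API is assumed on the classpath.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added example: caches the customer profile in the HTTP session after
// container-managed (form-based) login. ProfileStore and the attribute
// names are hypothetical, not part of Tomcat or the servlet API.
public class ProfileSessionFilter implements Filter {

    /** Hypothetical lookup, e.g. a DAO over the same database the realm uses. */
    public interface ProfileStore {
        Object loadByUserName(String userName);
    }

    static final String PROFILE_ATTR = "customerProfile";     // assumed name
    static final String OWNER_ATTR = "customerProfileOwner";  // assumed name

    private ProfileStore store;

    public void init(FilterConfig cfg) throws ServletException {
        // Assumption: the application placed a ProfileStore in the servlet context at startup.
        store = (ProfileStore) cfg.getServletContext().getAttribute("profileStore");
        if (store == null) throw new ServletException("profileStore not configured");
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        Principal user = http.getUserPrincipal(); // null until the container has authenticated
        if (user != null) {
            HttpSession session = http.getSession();
            String name = user.getName();
            // Reload if nothing is cached or the cached profile belongs to another login.
            if (!name.equals(session.getAttribute(OWNER_ATTR))) {
                session.setAttribute(PROFILE_ATTR, store.loadByUserName(name));
                session.setAttribute(OWNER_ATTR, name);
            }
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

The user name comes only from the container's principal, never from a request parameter, cookie or hidden field, so the cached profile cannot be switched by client-supplied input.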