| Author |
Container managed security
|
Saha Kumar
Ranch Hand
Joined: Feb 23, 2006
Posts: 218
|
|
Hello, I want to use container-managed security for authentication and authorization. I have read the correspondence from this group on the subject. My question is: once the customer has entered the userid/password and been authenticated, how can I store the customer profile in the customer's HTTP session? For example, the RDB realm in Tomcat does not have access to the HTTP session of a given user. I want to at least be able to store some kind of id which identifies the user in the user's session. Thanks. Saha
|
 |
s khosa
Ranch Hand
Joined: May 15, 2003
Posts: 72
|
|
Could you please provide some more details about your application setup? Are you not using servlets on Tomcat? Thanks
|
 |
Chandra Sagi
Ranch Hand
Joined: May 05, 2005
Posts: 162
|
|
If you do not have a session, then other ways would be to have hidden variables, cookies and URL rewriting. These three methods are insecure though. You could write some code to encode the password while storing it as a cookie or sending it across pages as hidden variables and also in URL rewriting. This may not be a good idea in big applications. Cheers Chandu
|
 |
Saha Kumar
Ranch Hand
Joined: Feb 23, 2006
Posts: 218
|
|
Thanks for the replies. I am using form-based login and Tomcat. I just thought of a way: once the customer has been authenticated, to get the customer profile data, I can use request.getUserPrincipal() to get the user name and then use it to look up the customer's profile data. Many thanks.
|
 |