question on form based authentication

 
Dave Seligson
Greenhorn
Posts: 17
On page 647, the HFSJ book says "Note if you're using Form-based authentication, be sure to turn on SSL or session tracking, or your Container might not recognize the login form when it's returned!"

I understand why SSL should be turned on (confidentiality),
but what does SSL have to do with the container's ability to recognize the login form when it's returned?

Thanks,
Dave Seligson
SCJP 5.0
 
Mark Garland
Ranch Hand
Posts: 226
Without either Session Tracking or SSL, the container wouldn't be able to identify you between separate requests.

To get round this, you can use:

Session Tracking - you probably know all about this.

SSL - Used for "confidentiality", and so it means that unauthorised people should not be able to access the data. If the container is maintaining this secure connection, then it will definitely know who you are.
 
khushhal yadav
Ranch Hand
Posts: 242
Dave,

See, HTTP is a stateless protocol.

But what about HTTP + SSL (= HTTPS)? It's a stateful protocol.

Now, I think you have got a reply to your query.

Regards,
Khushhal
 
Dave Seligson
Greenhorn
Posts: 17
Yes,
Thank you. I didn't know that HTTP+SSL was actually stateful.
DaveS
 
Rahulg Goyal
Greenhorn
Posts: 2
I think with form login we can't do URL rewriting for session tracking, since the action attribute has the value of j_security_check. So we need to resort to SSL+HTTP or the cookies way of tracking a user. Therefore form based login can't be used without HTTP+SSL and cookies enabled.