
Form based authentication

 
Amruth Puppala
Ranch Hand
Posts: 295
In HFSJ 1st edition, page 647, it was given:

Note: if you're using Form based authentication, be sure to turn on SSL or session tracking, otherwise container might not recognize the login for when it's returned

What is the meaning of this? What is the relation among form based authentication and SSL or session tracking?
[ August 05, 2008: Message edited by: Chintu sirivennela ]
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
Hi chintu,

I am working on this. I recommend you try to implement it. You may get something (now I am facing some problem in form based authentication; sometimes it's working but sometimes it is giving problems... I think due to session).

And I think, to understand the login information data, the container is using session...

Correct me if I am wrong.
 
Amruth Puppala
Ranch Hand
Posts: 295
Hi seetharaman venkatasamy,

Thanks for the response

I'm not preparing by writing programs, as I don't have a computer at home, and in the office it is not possible due to hectic work. So I will try, but I'm not sure I can, because I need to set up the whole env, install Tomcat, etc.

I have worked on servlets and JSPs in my previous project, so now I am only studying the book, not practicing...

Please share your knowledge once you are done.
[ August 05, 2008: Message edited by: Chintu sirivennela ]
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
sure
 
Paulo Marcio Brandi Rezende
Ranch Hand
Posts: 34
Java
I had the same doubt and thought a lot about it.

I guess that the problem is...

There are three places where the container can find the session ID:

- URL (URL rewriting)
- SSL
- Cookie

If you don't have cookie, you don't have SSL, where is the session ID? Maybe in the URL.

BUT...

A form based authentication does a POST, not a GET, then... there is no URL. OK, there is, but no additional information on the URL, except the targeted resource.

I hope that I'm right.
[ August 05, 2008: Message edited by: Paulo Rezende ]
 
Ulf Dittmer
Rancher
Posts: 42967
73
Originally posted by Chintu sirivennela:
what is the relation among form based authentication and SSL or session tracking


The key point is that there is no relationship. That's why -if there is neither SSL nor session tracking- the login will not work, or rather, the server will not recognize on the next request that it's from a client that has just logged in.

Paul -welcome to JavaRanch, by the way- is pretty close. Session tracking -either via cookies or via URL rewriting- is one way for the server to correlate requests as coming from the same client. So it can remember that that client has logged in before.

SSL works differently -no HTTP session is involved-, but it, too, allows the server to correlate client requests, thus enabling it to remember which clients have logged in.

Without either in place, the login will work once, but when the next request from the same client reaches the server, it will have forgotten all about the login.

Note that this is different from basic authentication, where the username and password are sent by the browser with every single request, not just the first one.
[ August 05, 2008: Message edited by: Ulf Dittmer ]
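
The correlation described in the answer above, as an added example that is not part of the original thread and is not container code: a toy model in which a form login is remembered only through an id the client replays, while basic authentication re-sends the credentials each time. The class `LoginCorrelationDemo`, its methods and the sample account are hypothetical names made up for this illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Toy model of a container's login bookkeeping (hypothetical class, not the Servlet API).
public class LoginCorrelationDemo {
    // Constructed sample account.
    static final String USER = "alice", PASSWORD = "s3cret";

    // Session id -> logged-in user. The id stands for whatever the client replays:
    // a cookie, a rewritten URL, or the SSL session.
    private final Map<String, String> sessions = new HashMap<>();
    private final boolean tracking;

    LoginCorrelationDemo(boolean tracking) { this.tracking = tracking; }

    static boolean valid(String user, String password) {
        return USER.equals(user) && PASSWORD.equals(password);
    }

    // FORM: credentials arrive once, in the login POST. Returns the id the client
    // must send back, or null when the container has no way to track the client.
    String formLogin(String user, String password) {
        if (!valid(user, password)) throw new SecurityException("bad credentials");
        if (!tracking) return null;
        String id = UUID.randomUUID().toString();
        sessions.put(id, user);
        return id;
    }

    // FORM, next request: only the replayed id can identify the client.
    String formRequest(String id) {
        return id == null ? null : sessions.get(id);
    }

    // BASIC: credentials accompany every request, so nothing has to be remembered.
    String basicRequest(String user, String password) {
        return valid(user, password) ? user : null;
    }

    public static void main(String[] args) {
        for (boolean tracking : new boolean[] {true, false}) {
            LoginCorrelationDemo c = new LoginCorrelationDemo(tracking);
            String id = c.formLogin(USER, PASSWORD);
            System.out.println("tracking=" + tracking
                + " FORM user on next request: " + c.formRequest(id)
                + ", BASIC user on next request: " + c.basicRequest(USER, PASSWORD));
        }
    }
}
```

With tracking off, the form login itself succeeds but the following request carries nothing the model can map back to a user, which is the situation the book's note warns about.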
 
Amruth Puppala
Ranch Hand
Posts: 295
Thanks a ton, Ulf Dittmer. Your explanation is very impressive. Thanks a lot once again.
 