
Form based authentication

Amruth Puppala
Ranch Hand

Joined: Jul 14, 2008
Posts: 295
In HFSJ 1st edition, page 647, it was given:

Note: if you're using Form based authentication, be sure to turn on SSL or session tracking, otherwise container might not recognize the login for when it's returned

What is the meaning of this? What is the relation among form based authentication and SSL or session tracking?
[ August 05, 2008: Message edited by: Chintu sirivennela ]

SCJP 5 |SCWCD 5| Started thinking about Web Services ?
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Hi chintu,

I am working on this. I recommend you try to implement it. You may get something (now I am facing some problem in form based authentication; sometimes it's working but sometimes it is giving a problem... I think due to session).

And I think that to understand the login information data, the container is using the session...

Correct me if I am wrong.
Amruth Puppala
Ranch Hand

Joined: Jul 14, 2008
Posts: 295
Hi seetharaman venkatasamy,

Thanks for the response


I'm not preparing by writing programs, as I don't have a computer at home, and in the office it's not possible due to hectic work. So I will try, but I'm not sure I can, because I need to set up the whole environment, install Tomcat, etc.

I have worked on servlets and JSPs in my previous project, so now I am only studying the book, not practicing ....

Please share your knowledge once you are done.
[ August 05, 2008: Message edited by: Chintu sirivennela ]
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

sure
Paulo Rezende
Ranch Hand

Joined: May 13, 2008
Posts: 33

I had the same doubt and thought a lot about it.

I guess that the problem is...

There are three places where the container can find the session ID:

- URL (URL rewriting)
- SSL
- Cookie

If you don't have cookie, you don't have SSL, where is the session ID? Maybe in the URL.

BUT...

A form based authentication does a POST, not a GET, then... there is no URL. OK, there is, but no additional information on the URL, except the targeted resource.

I hope that I'm right.
[ August 05, 2008: Message edited by: Paulo Rezende ]

SCJP, SCWCD, OCBCD
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42023
    
  64
Originally posted by Chintu sirivennela:
what is the relation among form based authentication and SSL or session tracking


The key point is that there is no relationship. That's why -if there is neither SSL nor session tracking- the login will not work, or rather, the server will not recognize on the next request that it's from a client that has just logged in.

Paul -welcome to JavaRanch, by the way- is pretty close. Session tracking -either via cookies or via URL rewriting- is one way for the server to correlate requests as coming from the same client. So it can remember that that client has logged in before.

SSL works differently -no HTTP session is involved-, but it, too, allows the server to correlate client requests, thus enabling it to remember which clients have logged in.

Without either in place, the login will work once, but when the next request from the same client reaches the server, it will have forgotten all about the login.

Note that this is different from basic authentication, where the username and password are sent by the browser with every single request, not just the first one.
[ August 05, 2008: Message edited by: Ulf Dittmer ]

Ping & DNS - my free Android networking tools app
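
The behaviour described in the answer above, as an added example that is not part of any post in this thread: a toy model of a container that remembers a form login only when the request carries something it can correlate on (a session cookie, a rewritten URL, or an SSL session id). The class name, the `/account` path, the password `secret` and the identifier values are constructed for illustration; this is not a real servlet container.

```java
import java.util.HashSet;
import java.util.Set;

// Toy model of FORM login in a container; constructed for illustration. Needs Java 16+.
public class FormLoginDemo {
    // One request; each *Id field is a place the client may carry a correlation key.
    record Request(String path, String cookieId, String urlId, String sslId, String password) {}

    // Server-side memory: correlation keys of clients that have logged in.
    private final Set<String> loggedIn = new HashSet<>();

    // Try each tracking mechanism in turn; null means the request cannot be correlated.
    static String correlationKey(Request r) {
        if (r.cookieId() != null) return "cookie:" + r.cookieId();
        if (r.urlId() != null) return "url:" + r.urlId();
        if (r.sslId() != null) return "ssl:" + r.sslId();
        return null;
    }

    String handle(Request r) {
        String key = correlationKey(r);
        if (r.path().equals("/j_security_check")) {
            if (!"secret".equals(r.password())) return "login failed";
            if (key != null) loggedIn.add(key); // remembered only if there is a key
            return "login ok";
        }
        // Any other path is treated as a protected resource.
        boolean known = key != null && loggedIn.contains(key);
        return known ? "200 protected page" : "redirect to login form";
    }

    // Log in, then request a protected page carrying the same identifiers.
    static String loginThenBrowse(String cookieId, String urlId, String sslId) {
        FormLoginDemo container = new FormLoginDemo();
        container.handle(new Request("/j_security_check", cookieId, urlId, sslId, "secret"));
        return container.handle(new Request("/account", cookieId, urlId, sslId, null));
    }

    public static void main(String[] args) {
        System.out.println("cookie:  " + loginThenBrowse("A1", null, null));
        System.out.println("rewrite: " + loginThenBrowse(null, "A1", null));
        System.out.println("ssl:     " + loginThenBrowse(null, null, "tls-7f"));
        System.out.println("nothing: " + loginThenBrowse(null, null, null));
    }
}
```

Only the last case, with no cookie, no rewritten URL and no SSL session, is sent back to the login form even though the credentials were accepted on the previous request.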
Amruth Puppala
Ranch Hand

Joined: Jul 14, 2008
Posts: 295
Thanks a ton, Ulf Dittmer. Your explanation is very impressive. Thanks a lot once again.