If a user enters a website without going through the authentication page, how can I redirect him to the authentication page? Say, for example, mail.yahoo.com is the authentication page. If the user enters mail.yahoo.com/s1.html, then I have to redirect him to the mail.yahoo.com page and make him enter his password and his mail ID. How can I do this in JSP? I need the code for this.
Have you looked into form based authentication at all? A sample thread can be found here. Essentially it allows you to configure a set of resources (i.e. pages) as 'secured', then anyone who attempts to access these resources is forced to log in first. There is no 'sample code'; it is done via configuration settings. If you secure the login page via HTTPS then the password is protected from casual observation. I'm concerned that you are still asking the same questions about authentication and password management that you posted a while ago. Did you want to give a brief description of what you are trying to achieve and the resources you are using (app server, database, authentication server etc.) and we can help you get things sorted. Dave
Thanks for your reply, David. Yes, I have posted this topic before, but I did not get a reply to it. Actually, I was asked to do this program in an interview and I could not do it, so try to tell me in detail how to do this coding. The guy in the interview asked me how I could do this in JSP... I started to blink, so try to solve my problem.
I'm not sure I understand. Are you saying that if they came from the login page they are accepted? I see three immediate problems. Firstly, it is easy to fake HTTP referrers, so this isn't secure. Secondly, the user has to visit the login page every time they want to access a secured resource. Finally, if the login page is submitting to the secured pages, each of these secured pages would have to duplicate the authentication code, and they would all have to individually manage access to themselves. The main advantage of authentication frameworks is that they remove authentication from individual pages. If you change authentication details, you don't have to change code in each file. You also don't have to worry about trying to synchronise the code in the pages. Originally I wasn't a fan of letting go of the responsibility of authentication to the server, but if you consider that you only have to get it wrong once on one page to look stupid, it is a much preferred solution. Dave