Custom Authentication

 
Robert Hill
Ranch Hand
Posts: 94
I have read how easy it is to use authentication in a servlet container by using <security-role> and whatnot. OK, it is easy but also fairly useless, since it doesn't allow for dynamic registration.

Is there an easy way to tell the container when a log in is valid and what role they have if the sign in and authentication is done using a custom program so it can automatically handle authorization and things like cookies for all JSPs and servlets in the container?

For example, I store the hashed passwords, usernames and user level in some sort of database. When a user logs in, the data is sent to a program that checks the user data with the stored data. If the user is a valid user, then a cookie is created for the session and sent to the user and then the container automatically handles everything from there, allowing access only when allowed given the user level.
 
Ben Souther
Sheriff
Posts: 13411
For smaller apps, I use the container managed security (declarative security).

For larger, more complicated ones with situations such as the one you've described, I usually write my own (programmatic security).
 
Robert Hill
Ranch Hand
Posts: 94
OK, so I have to handle everything myself? That is fair enough, I just wanted to make sure I wasn't reinventing the wheel here. I don't mind rolling my own, I just get nervous about writing my own security based functions.
 
Adeel Ansari
Ranch Hand
Posts: 2874
Originally posted by Robert Hill:
OK, so I have to handle everything myself? That is fair enough, I just wanted to make sure I wasn't reinventing the wheel here. I don't mind rolling my own, I just get nervous about writing my own security based functions.


Tip: You can use a filter for authentication stuff.
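
The filter approach suggested above, applied to the stored user-level scheme from the original question, as an added example that is not part of any poster's message. The session attribute names "authUser" and "authLevel", the "requiredLevel" init-param and the /login.jsp page are assumptions; the login servlet that verifies the password hash and sets those attributes is not shown.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Assumed (hypothetical) names: session attributes "authUser" and
// "authLevel" set by your own login servlet after it verifies the password hash,
// the "requiredLevel" init-param, and the /login.jsp page.
public class LevelFilter implements Filter {
    private String requiredLevel;

    @Override public void init(FilterConfig cfg) throws ServletException {
        requiredLevel = cfg.getInitParameter("requiredLevel");
        if (requiredLevel == null)            // fail closed on a misconfigured mapping
            throw new ServletException("requiredLevel init-param is missing");
    }

    @Override public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);   // never create a session for anonymous users
        final String user  = session == null ? null : (String) session.getAttribute("authUser");
        final String level = session == null ? null : (String) session.getAttribute("authLevel");

        if (user == null) {                             // not logged in: send to the login page
            res.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }
        if (!requiredLevel.equals(level)) {             // logged in, but wrong user level
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Expose the custom login through the standard API so JSPs and servlets
        // behind the filter can call getRemoteUser() / isUserInRole() as usual.
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public String getRemoteUser() { return user; }
            @Override public Principal getUserPrincipal() { return () -> user; }
            @Override public boolean isUserInRole(String role) { return level.equals(role); }
        }, res);
    }

    @Override public void destroy() { }
}
```

Declare the filter once per protected area in web.xml, each with its own requiredLevel init-param and a filter-mapping for that URL pattern, so the container does the path matching. The login servlet should issue a fresh session ID on successful login (HttpServletRequest.changeSessionId() in Servlet 3.1 and later) before setting the two attributes.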
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
Originally posted by Robert Hill:
OK, so I have to handle everything myself? That is fair enough, I just wanted to make sure I wasn't reinventing the wheel here. I don't mind rolling my own, I just get nervous about writing my own security based functions.


You can use JAAS, but note that the authorization part is based on Java permissions.
 