*
The moose likes JSP and the fly likes Custom Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Custom Authentication" Watch "Custom Authentication" New topic
Author

Custom Authentication

Robert Hill
Ranch Hand

Joined: Feb 24, 2006
Posts: 94
I have read how easy it is to use authentication in a servlet conatiner.by using <security-role> and what not. Ok it is easy but also fairly useless, since it doesn't allow for dynamic registration.

Is there an easy way to tell the container when a log in is valid and what role they have if the sign in and suthentication is done using a custom program so it can automatically handle authorization and things like cookies for all JSPs and servlets in the container?

For example, I store the hashed passwords, usenames and user level in some sort of database, When a user logs in, the data is sent to a program that checks the user data with the stored data. If the user is a valid user, then a cookie is created for the session and sent ot the user and then the conatiner automatically handles everything from there, allowing access only when alowed given the user level.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

For smaller apps, I use the container managed security (declarative security).

For larger, more complicated ones with situations such as the one you've described, I usually write my own (programmatic security).


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Robert Hill
Ranch Hand

Joined: Feb 24, 2006
Posts: 94
OK, so I have to handle everything myself? That is fair enough, I just wanted to make sure I wasn't reinventing the wheel here. I don't mind rolling my own, I just get nervous about writing my own security based functions.
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
Originally posted by Robert Hill:
OK, so I have to handle everything myself? That is fair enough, I just wanted to make sure I wasn't reinventing the wheel here. I don't mind rolling my own, I just get nervous about writing my own security based functions.


Tips: You can use filter for authentication stuff.
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Originally posted by Robert Hill:
OK, so I have to handle everything myself? That is fair enough, I just wanted to make sure I wasn't reinventing the wheel here. I don't mind rolling my own, I just get nervous about writing my own security based functions.


You can use JAAS , but note that authorization part is based on java permissions.


Rahul Bhattacharjee
LinkedIn - Blog
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Custom Authentication