Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

storing password into session with filters

 
Ali Khalfan
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, Let's say i have the following filter for some jsp pages I have:



This code I intend to use to validate the pages so that the user won't enter any page without a password.

However it got me thinking, how do I start a password into a session? or better yet is it a good idea? what other alternative do i have?

Thanks,
 
Sonny Gill
Ranch Hand
Posts: 1211
IntelliJ IDE Mac
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why not have a login page, that does the login and sets a 'validated' session attribute.
Then, in the filter, if 'validated' attribute is not present, send the user to the login page.
 
Ali Khalfan
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for your reply,

but can you clarify what a 'validated' session is?
 
Sonny Gill
Ranch Hand
Posts: 1211
IntelliJ IDE Mac
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ohh..I meant any session attribute that is only set on the login page, and so , if found in session, means that this user is already validated.
I will probably use a session attribute with name 'validated' and value Boolean.TRUE
 
amit punekar
Ranch Hand
Posts: 544
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I would suggest using the Security features which Servlet Specs provides you.
You can use <login-config> element to configure a FORM based authentication with login.jsp as the login form. You can secure the resources which you want user to access only in logged-in state using <security-constraint> element in web-app.
Please have a look at Servlet specs or any good tutorial on the web about this.
regards,
Amit
 
Ali Khalfan
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
amit,

that would be a good idea if i can integrate to a database, however, from what i've seen from the servlet specs is that users are to be defined in the web.xml file.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64843
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Ali Khalfan:
is that users are to be defined in the web.xml file.

Only if you want to. I choose not to and, like amit, use a database for more fine-grained control over the entire authentication and role/permission management aspect of user management.

Using the spec-defined authentication schemes is an option, not a requirement.
 
Ali Khalfan
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
can someone help me out here.

I don't want to use anything proprietary here like tomcat or ibm or JBOSS. Is there anyway I can use it just with servlets for example


thanks,
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34410
346
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Ali Khalfan:
can someone help me out here.

I don't want to use anything proprietary here like tomcat or ibm or JBOSS. Is there anyway I can use it just with servlets for example

A database isn't proprietary. Whenever a user logs in, you go to the database to validate their username/password combination. If it is correct, you set a boolean attribute in the session (the validated attribute mentioned above.)
 
Ali Khalfan
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jeanne, I'm not saying that databases are proprietary, I'm just saying that all methods I've found are always related to a web engine. For example IBM or tomcat.

I'm just trying to find more info on how to apply this validation thing without a filter

Thanks,
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic