| Author |
storing password into session with filters
|
Ali Khalfan
Ranch Hand
Joined: Nov 03, 2007
Posts: 126
|
|
Hi, let's say I have the following filter for some JSP pages I have: This code I intend to use to validate the pages so that the user won't enter any page without a password. However, it got me thinking: how do I start a password into a session? Or better yet, is it a good idea? What other alternative do I have? Thanks,
|
 |
Sonny Gill
Ranch Hand
Joined: Feb 02, 2002
Posts: 1211
|
|
Why not have a login page, that does the login and sets a 'validated' session attribute. Then, in the filter, if 'validated' attribute is not present, send the user to the login page.
|
The future is here. It's just not evenly distributed yet. - William Gibson
Consultant @ Xebia. Sonny Gill Tweets
|
 |
Ali Khalfan
Ranch Hand
Joined: Nov 03, 2007
Posts: 126
|
|
Thank you for your reply, but can you clarify what a 'validated' session is?
|
 |
Sonny Gill
Ranch Hand
Joined: Feb 02, 2002
Posts: 1211
|
|
Ohh... I meant any session attribute that is only set on the login page, and so, if found in session, means that this user is already validated. I will probably use a session attribute with name 'validated' and value Boolean.TRUE
|
 |
amit punekar
Ranch Hand
Joined: May 14, 2004
Posts: 488
|
|
Hi, I would suggest using the Security features which Servlet Specs provides you. You can use <login-config> element to configure a FORM based authentication with login.jsp as the login form. You can secure the resources which you want user to access only in logged-in state using <security-constraint> element in web-app. Please have a look at Servlet specs or any good tutorial on the web about this. regards, Amit
|
Regards,
Amit
|
 |
Ali Khalfan
Ranch Hand
Joined: Nov 03, 2007
Posts: 126
|
|
Amit, that would be a good idea if I can integrate to a database; however, from what I've seen from the servlet specs, users are to be defined in the web.xml file.
|
 |
Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56168
|
|
Originally posted by Ali Khalfan: is that users are to be defined in the web.xml file.
Only if you want to. I choose not to and, like amit, use a database for more fine-grained control over the entire authentication and role/permission management aspect of user management. Using the spec-defined authentication schemes is an option, not a requirement.
|
|
 |
Ali Khalfan
Ranch Hand
Joined: Nov 03, 2007
Posts: 126
|
|
Can someone help me out here? I don't want to use anything proprietary here like Tomcat or IBM or JBoss. Is there any way I can use it just with servlets, for example? Thanks,
|
 |
Jeanne Boyarsky
internet detective
Marshal
Joined: May 26, 2003
Posts: 26162
|
|
Originally posted by Ali Khalfan: Can someone help me out here? I don't want to use anything proprietary here like Tomcat or IBM or JBoss. Is there any way I can use it just with servlets, for example?
A database isn't proprietary. Whenever a user logs in, you go to the database to validate their username/password combination. If it is correct, you set a boolean attribute in the session (the validated attribute mentioned above.)
|
|
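The approach suggested in the replies above (a 'validated' session attribute set only by the login code and checked in a filter), as an added example that is not part of the original thread. The `/login.jsp` and `/login` paths, the `UserStore` interface and the `userStore` context attribute are assumptions made for illustration.

```java
// LoginFilter.java - added example; javax.servlet API (jakarta.servlet on newer containers)
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class LoginFilter implements Filter {
    static final String VALIDATED = "validated";    // attribute name used in the thread
    static final String LOGIN_PAGE = "/login.jsp";  // assumed login form path
    static final String LOGIN_ACTION = "/login";    // assumed mapping of LoginServlet

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpSession session = req.getSession(false);  // never create a session just to check
        boolean validated = session != null
                && Boolean.TRUE.equals(session.getAttribute(VALIDATED));
        String path = req.getServletPath();
        if (validated || LOGIN_PAGE.equals(path) || LOGIN_ACTION.equals(path)) {
            chain.doFilter(rq, rs);                   // logged in, or heading to the login page
        } else {
            ((HttpServletResponse) rs).sendRedirect(req.getContextPath() + LOGIN_PAGE);
        }
    }
}

/** Hypothetical lookup against your own user table; compares a salted password hash. */
interface UserStore { boolean verify(String username, char[] password); }

class LoginServlet extends HttpServlet {
    protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
        // Assumption: a UserStore was put in the ServletContext at startup under "userStore".
        UserStore users = (UserStore) getServletContext().getAttribute("userStore");
        String user = req.getParameter("username"), pass = req.getParameter("password");
        if (user == null || pass == null || !users.verify(user, pass.toCharArray())) {
            res.sendRedirect(req.getContextPath() + LoginFilter.LOGIN_PAGE);
            return;
        }
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();            // new session id after login
        HttpSession session = req.getSession(true);
        session.setAttribute(LoginFilter.VALIDATED, Boolean.TRUE); // the flag, not the password
        res.sendRedirect(req.getContextPath() + "/");
    }
}
```

The password is checked once at login and never placed in the session; only the Boolean flag is. Map the filter in web.xml to the URL pattern of the pages that require a login.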
 |
Ali Khalfan
Ranch Hand
Joined: Nov 03, 2007
Posts: 126
|
|
Jeanne, I'm not saying that databases are proprietary, I'm just saying that all methods I've found are always related to a web engine, for example IBM or Tomcat. I'm just trying to find more info on how to apply this validation thing without a filter. Thanks,
|
 |
 |