aspose file tools*
The moose likes JSP and the fly likes storing password into session with filters Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "storing password into session with filters" Watch "storing password into session with filters" New topic
Author

storing password into session with filters

Ali Khalfan
Ranch Hand

Joined: Nov 03, 2007
Posts: 126
Hi, Let's say i have the following filter for some jsp pages I have:



This code I intend to use to validate the pages so that the user won't enter any page without a password.

However it got me thinking, how do I start a password into a session? or better yet is it a good idea? what other alternative do i have?

Thanks,
Sonny Gill
Ranch Hand

Joined: Feb 02, 2002
Posts: 1211

Why not have a login page, that does the login and sets a 'validated' session attribute.
Then, in the filter, if 'validated' attribute is not present, send the user to the login page.


The future is here. It's just not evenly distributed yet. - William Gibson
Consultant @ Xebia. Sonny Gill Tweets
Ali Khalfan
Ranch Hand

Joined: Nov 03, 2007
Posts: 126
Thank you for your reply,

but can you clarify what a 'validated' session is?
Sonny Gill
Ranch Hand

Joined: Feb 02, 2002
Posts: 1211

Ohh..I meant any session attribute that is only set on the login page, and so , if found in session, means that this user is already validated.
I will probably use a session attribute with name 'validated' and value Boolean.TRUE
amit punekar
Ranch Hand

Joined: May 14, 2004
Posts: 512
Hi,
I would suggest using the Security features which Servlet Specs provides you.
You can use <login-config> element to configure a FORM based authentication with login.jsp as the login form. You can secure the resources which you want user to access only in logged-in state using <security-constraint> element in web-app.
Please have a look at Servlet specs or any good tutorial on the web about this.
regards,
Amit


Regards,
Amit
Ali Khalfan
Ranch Hand

Joined: Nov 03, 2007
Posts: 126
amit,

that would be a good idea if i can integrate to a database, however, from what i've seen from the servlet specs is that users are to be defined in the web.xml file.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61206
    
  66

Originally posted by Ali Khalfan:
is that users are to be defined in the web.xml file.

Only if you want to. I choose not to and, like amit, use a database for more fine-grained control over the entire authentication and role/permission management aspect of user management.

Using the spec-defined authentication schemes is an option, not a requirement.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Ali Khalfan
Ranch Hand

Joined: Nov 03, 2007
Posts: 126
can someone help me out here.

I don't want to use anything proprietary here like tomcat or ibm or JBOSS. Is there anyway I can use it just with servlets for example


thanks,
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30516
    
150

Originally posted by Ali Khalfan:
can someone help me out here.

I don't want to use anything proprietary here like tomcat or ibm or JBOSS. Is there anyway I can use it just with servlets for example

A database isn't proprietary. Whenever a user logs in, you go to the database to validate their username/password combination. If it is correct, you set a boolean attribute in the session (the validated attribute mentioned above.)


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Ali Khalfan
Ranch Hand

Joined: Nov 03, 2007
Posts: 126
Jeanne, I'm not saying that databases are proprietary, I'm just saying that all methods I've found are always related to a web engine. For example IBM or tomcat.

I'm just trying to find more info on how to apply this validation thing without a filter

Thanks,
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: storing password into session with filters