File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes EJB and other Java EE Technologies and the fly likes Database user authentication through an EJB ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "Database user authentication through an EJB ?" Watch "Database user authentication through an EJB ?" New topic

Database user authentication through an EJB ?

JC Falaise

Joined: Jul 05, 2001
Posts: 2
Being in the process of rewriting an existing intranet application, using Oracle Application Server 4.0.8 and PL/SQL code on an Oracle 8 database, in java using JSPs and EJBs. I wonder how we'll be able to handle the application user authentication the same ways that the Oracle webserver already does, ie the user is asked his username/password when he enters then application ( welcome page) and his details are checked in the database and he is allowed (for the whole duration of life of the application, ie the browser is open) or denied the access.
I read something about EJB to handle that but would like to know if it does work and if yes, where can i get implementation examples (if you've got any better idea, i take it)
Thanks in advance, JC
Matt Midcap

Joined: Jan 07, 1999
Posts: 440
The Java Ranch has thousands of visitors every week, many with surprisingly similar names. To avoid confusion we have a naming convention, described at . We require names to have at least two words, separated by a space, and strongly recommend that you use your full real name. Please log in with a new name which meets the requirements.

Best Regards,<br />Matt Midcap
Subbu Aswathanarayan
Ranch Hand

Joined: Jun 22, 2001
Posts: 73
You can perform user authentication using servlets or jsp with the help of session this, you basically ask a user to enter his username and password and then verify it with a database.if the user is a valid user, u set a session id and every time a user requests a page u check for this sessionid and display the page only if it is a valid id.this id is valid till user closes the browser window or u explicitly invalidate the session.refer to some good book to learrn more abt session tracking.u can also visit the jsp and servlets forum and read the posts there.

Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

J2EE has 'built in' security and authentication. You can make (I forget the exact J2EE terms) but... they are like Groups and Users. J2EE allows you to specify which groups, or even individual users are allowed to run certain business methods. All of this is security. The authentication part comes in when they first start to use the J2EE application you write. The app server will send (even for web apps) a UserName and Password dialog box. If they are not authenticated, they don't get to use the entire application.

If they do get authenticated, then they are only allowed to use those parts of the application, and run those specific business methods, that you've previously set up.

This is shown, although not in a whole lot of detail in the J2EE developer's guide. The one that comes with j2skdee1.2.1, I haven't seen the newest beta version.
I agree. Here's the link:
subject: Database user authentication through an EJB ?
It's not a secret anymore!