Hi, Being in the process of rewriting an existing intranet application, using Oracle Application Server 4.0.8 and PL/SQL code on an Oracle 8 database, in java using JSPs and EJBs. I wonder how we'll be able to handle the application user authentication the same ways that the Oracle webserver already does, ie the user is asked his username/password when he enters then application ( welcome page) and his details are checked in the database and he is allowed (for the whole duration of life of the application, ie the browser is open) or denied the access. I read something about EJB to handle that but would like to know if it does work and if yes, where can i get implementation examples (if you've got any better idea, i take it) Thanks in advance, JC
The Java Ranch has thousands of visitors every week, many with surprisingly similar names. To avoid confusion we have a naming convention, described at http://www.javaranch.com/name.jsp . We require names to have at least two words, separated by a space, and strongly recommend that you use your full real name. Please log in with a new name which meets the requirements. Thanks. Matt
Hi, You can perform user authentication using servlets or jsp with the help of session tracking.in this, you basically ask a user to enter his username and password and then verify it with a database.if the user is a valid user, u set a session id and every time a user requests a page u check for this sessionid and display the page only if it is a valid id.this id is valid till user closes the browser window or u explicitly invalidate the session.refer to some good book to learrn more abt session tracking.u can also visit the jsp and servlets forum and read the posts there. Subbu
J2EE has 'built in' security and authentication. You can make (I forget the exact J2EE terms) but... they are like Groups and Users. J2EE allows you to specify which groups, or even individual users are allowed to run certain business methods. All of this is security. The authentication part comes in when they first start to use the J2EE application you write. The app server will send (even for web apps) a UserName and Password dialog box. If they are not authenticated, they don't get to use the entire application.
If they do get authenticated, then they are only allowed to use those parts of the application, and run those specific business methods, that you've previously set up.
This is shown, although not in a whole lot of detail in the J2EE developer's guide. The one that comes with j2skdee1.2.1, I haven't seen the newest beta version.