Authentication with JDBC Realms and MVC pattern (Controller servlet)

Oscar Arnaiz
Greenhorn

Joined: Aug 26, 2002
Posts: 4
Hello, I am developing a web application using the MVC pattern and I am trying to authenticate with JDBC Realms. My problem is that using this authentication method with a Controller servlet that forwards requests to the proper JSP page doesn't work.
I don't know what to do. Does someone know what I have to do to authenticate using a Controller servlet? (I'm not using Struts.)
I will explain in more detail:
I have a Controller servlet that receives all requests to other pages. This servlet must authenticate the user and, if the user is authenticated, forward to the proper protected page, else forward to a login page. I am using JDBC Realms to protect the folders that contain the pages that must be accessed under authentication. The problem is that the servlet uses the method forward(request, response), which jumps the security-constraint, and the protected pages are accessed. I don't know how to use the JDBC Realms with the Controller servlet.
Dave Vick
Ranch Hand

Joined: May 10, 2001
Posts: 3244
Oscar
Welcome to the Java Ranch, we hope you'll enjoy visiting as a regular; however, your name is not in keeping with our naming policy here at the ranch. Please change your display name to an appropriate name as shown in the policy.
Thanks again and we hope to see you around the ranch!!

As far as using Realms in your web app, some of it is server specific. Let us see your web.xml file to make sure there is nothing wrong there. If that isn't the case, you might want to try one of the server forums or the documentation for the server you're using.


Dave
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Originally posted by Oscar:
I have a Controller servlet that receives all requests to other pages. This servlet must authenticate the user and, if the user is authenticated, forward to the proper protected page, else forward to a login page. I am using JDBC Realms to protect the folders that contain the pages that must be accessed under authentication. The problem is that the servlet uses the method forward(request, response), which jumps the security-constraint, and the protected pages are accessed. I don't know how to use the JDBC Realms with the Controller servlet.

Yeah, you'll have some trouble with this.
The easiest solution is to have two Front Servlets instead of one. The first manages non-secured pages and the second manages secured pages.
The second servlet will have to be in the secured directory with the other secured resources. The non-secured servlet will still control the login (since the login page can't be secured, otherwise you wouldn't be allowed to pass it to them) and will redirect to the secured servlet after the user is authenticated.
If you are using Struts you might be in trouble. I haven't used Struts but I believe it flattens the directory structure. This will tend to remove the fact that you have secured a directory and make it difficult to distinguish between secured and non-secured resources.
Or not. I'm happy to be wrong.
--------------------
(Other) Dave
Just because you're paranoid doesn't mean I'm not after you.
Oscar Arnaiz
Greenhorn

Joined: Aug 26, 2002
Posts: 4
First of all, I apologize for posting the same question in two different forums, but I am new to JavaRanch and I don't know how it works. Sorry.
I am using Tomcat 3.2.4. The method that I use to go from one page to another is by means of a Controller servlet and a hidden input named "page" that represents the next page to go to. That parameter is received by the Controller servlet, which converts it to the real URL with: nextPage = getInitParam(request.getParameter("page"));
For example, a web.xml for a simple application where the adminPage.jsp is protected:
<web-app>
  <servlet>
    <servlet-name>Controller</servlet-name>
    <display-name>Controller</display-name>
    <servlet-class>Controller</servlet-class>
    <init-param>
      <param-name>Index</param-name>
      <param-value>index.htm</param-value>
    </init-param>
    <init-param>
      <param-name>AdminPage</param-name>
      <param-value>/admin/adminPage.htm</param-value>
    </init-param>
    <init-param>
      <param-name>UnprotectedPage</param-name>
      <param-value>unprotectedPage.htm</param-value>
    </init-param>
  </servlet>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>tools-admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      <http-method>DELETE</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ProtectedArea</realm-name>
    <form-login-config>
      <form-login-page>/security/login.jsp</form-login-page>
      <form-error-page>/security/loginerror.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>admin</role-name>
  </security-role>
</web-app>
From the Index page, to access the admin page the parameter "page" is equal to "AdminPage". The Controller servlet jumps the login page and goes to the admin page without authentication. Must I put the servlet in the protected area? I am using a JDBC Realm with three tables for authentication (Login, Roles, Role-Login).
James Carman
Ranch Hand

Joined: Feb 20, 2001
Posts: 580
Originally posted by Oscar:
Hello, I am developing a web application using the MVC pattern and I am trying to authenticate with JDBC Realms. My problem is that using this authentication method with a Controller servlet that forwards requests to the proper JSP page doesn't work.
I don't know what to do. Does someone know what I have to do to authenticate using a Controller servlet? (I'm not using Struts.)
I will explain in more detail:
I have a Controller servlet that receives all requests to other pages. This servlet must authenticate the user and, if the user is authenticated, forward to the proper protected page, else forward to a login page. I am using JDBC Realms to protect the folders that contain the pages that must be accessed under authentication. The problem is that the servlet uses the method forward(request, response), which jumps the security-constraint, and the protected pages are accessed. I don't know how to use the JDBC Realms with the Controller servlet.

You can achieve this by using a URL mapping strategy in your controller servlet. Let's use Struts as an example. You map URLs to your action classes using the struts-config.xml file. So, you use different URLs to access the same servlet instance (the ActionServlet) by way of extension mapping (*.do). Now, in your web.xml file, you can apply different security settings to the different URLs in your web application. The key is that you have to use the URL itself to tell you which page to forward to (in your case). Hope this helps (it's early).


James Carman, President
Carman Consulting, Inc.
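The URL-mapping approach suggested in the thread, sketched as an added example that is not code from any of the posters: the class name UrlMappedController, the *.do servlet-mapping and the path table are assumptions, while the role name "admin" and the page names come from the posted web.xml. The container enforces the /admin/* constraint on the URL the browser requests, and the controller repeats the role check before any forward into the protected area.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical controller, assumed to be mapped to *.do in web.xml.
// The browser requests /admin/adminPage.do, so the container matches the
// /admin/* security-constraint and runs the FORM login before doGet() is called.
public class UrlMappedController extends HttpServlet {

    // Fixed table from request path to view; constructed from the thread's page names.
    private static final Map<String, String> VIEWS = new HashMap<>();
    static {
        VIEWS.put("/index.do", "/index.htm");
        VIEWS.put("/unprotectedPage.do", "/unprotectedPage.htm");
        VIEWS.put("/admin/adminPage.do", "/admin/adminPage.htm");
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // With an extension mapping the whole request path is the servlet path.
        String view = VIEWS.get(req.getServletPath());
        if (view == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // forward() is not checked against security-constraint entries, so any
        // forward into /admin/ repeats the role check in code.
        if (view.startsWith("/admin/") && !req.isUserInRole("admin")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        req.getRequestDispatcher(view).forward(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        doGet(req, resp);
    }
}
```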
 