File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes Servlet Security/Authentication question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Servlet Security/Authentication question" Watch "Servlet Security/Authentication question" New topic
Author

Servlet Security/Authentication question

Alexey Gor
Greenhorn

Joined: Jul 13, 2004
Posts: 27
hello all,

We are developing an Intranet application (to run within an NT/2003 domain)with several sensitive applications. There are different options that we are looking at as far as authentication goes. Most likely, we are going to use LDAP to authenticate against Active Directory. btw, if you have any information that could help us do that - please share.

My question is: Once the password is verified and the user is authenticated, can we place a "SecurityToken" object into the Session and use it from that point on? The SEcurityToken will have basic methods such as getLogin, getGroups, getAccessCode, etc. It will be populated when the user authenticates, and all application will use it to determine the view/access level, etc. Is this method secure? What is the common practice to handle this?

Thanks!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Servlet Security/Authentication question
 
Similar Threads
openSSO use only for authentication for j2ee application
what's LDAP server
Preserving Login Information
logon procedure on websphere application server express
Single sign on for multiple webapps