aspose file tools*
The moose likes Servlets and the fly likes Authorization on sessions? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Authorization on sessions?" Watch "Authorization on sessions?" New topic
Author

Authorization on sessions?

Grigory O. Ptashko
Greenhorn

Joined: Jan 26, 2006
Posts: 16
Hello, again.

Sorry, if I posted it to the wrong forum, didn't find a more suitable one.
Well.

I'm new to java web-programming but have a huge experience in apache/perl web-programming. I know how to do authorization based on sessions with apache and perl. What is the analog for this, say in Tomcat? Please, point me to the right direction. Actually, I could not find any good documents from the first glance.

I appreciate any comments.
Thanks.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

This forum is perfect.

I do this by binding an object to session once the user has logged in sucessfully. The object could be anything but let's call it userBean for the sake of discussion.

Then, with each hit, check for the existence of that object (filters make this very easy). If it is null, redirect or forward the user to the login page.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

You could also use declarative security.
There is a link to the servlet spec in my signature.
Download the pdf and scan it for 'security-constraint' for more information.
Grigory O. Ptashko
Greenhorn

Joined: Jan 26, 2006
Posts: 16
Ben,

yeah, I'm on my way to reading the specification, I've just downloaded it.

But, regarding your first reply - can you tell me some keywords for searching some examples on the net? I mean, I'd like to see "the guts" of session handling in java-based application servers.

Thanks.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Pick some keywords from the thread here
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by Grigory O. Ptashko:
Ben,

yeah, I'm on my way to reading the specification, I've just downloaded it.

But, regarding your first reply - can you tell me some keywords for searching some examples on the net? I mean, I'd like to see "the guts" of session handling in java-based application servers.

Thanks.



I wrote a sample app that does this.
http://simple.souther.us/not-so-simple.html

Look for SessionMonitor.
 
Don't get me started about those stupid light bulbs.
 
subject: Authorization on sessions?