my dog learned polymorphism*
The moose likes Servlets and the fly likes sequre login in web based application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "sequre login in web based application" Watch "sequre login in web based application" New topic
Author

sequre login in web based application

divya chamarti
Ranch Hand

Joined: Jul 28, 2006
Posts: 56
will any body help me to tell how to store all the login details in a web-application form based using servlets/struts and how to show these details to user if he/she wants ,
and also the technique for :
if the authenticated user is using the application meanwhile no other persone , even if he is knowing the correct username and password , can use the same application untill the user has logged out , for sequrity purpose
Richard Green
Ranch Hand

Joined: Aug 25, 2005
Posts: 536
Typically one would store the username and password in the database and when an user logs into the system, the credentials are checked against the database.

if the authenticated user is using the application meanwhile no other persone , even if he is knowing the correct username and password , can use the same application untill the user has logged out , for sequrity purpose

Have a look at javax.servlet.http.HttpSessionListener


MCSD, SCJP, SCWCD, SCBCD, SCJD (in progress - URLybird 1.2.1)
divya chamarti
Ranch Hand

Joined: Jul 28, 2006
Posts: 56
thanks Lynette
can you specify what do you mean by
when an user logs into the system, the credentials are checked against the database.
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10207
    
166

can you specify what do you mean by
when an user logs into the system, the credentials are checked against the database


The information(username, password and the roles to which the user belongs) about all *valid* users in the application will be stored in tables in a database. Whenever a users tries logging into your application, you will check the username and password against the information present in the tables to authenticate the user.


[My Blog] [JavaRanch Journal]
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10207
    
166

However, its not a hard and fast rule that you maintain the information in the database. If you are just trying out a sample application on authentication then you can have property files containing the username and password information. If its for a production application then you could go for database authentication
Yogendra Joshi
Ranch Hand

Joined: Apr 04, 2006
Posts: 213
Originally posted by jaikiran pai:
However, its not a hard and fast rule that you maintain the information in the database. If you are just trying out a sample application on authentication then you can have property files containing the username and password information. If its for a production application then you could go for database authentication


Well , Also there is an more easy way for this. Simply define the users in the tomcat-users.xml file. But as said by jaikiran if it is for the production server then the best would be Database.

Cheers.
Yogendra Joshi.


Meri Zindagi Hain Tab Tak.. Jab Tak Tera Sahara.... Har Taraf Tu Hi Tu Hain SAI Tera Hi Hain Nazara.....
Romi Dave
Greenhorn

Joined: Jul 19, 2006
Posts: 26
if the authenticated user is using the application meanwhile no other persone , even if he is knowing the correct username and password , can use the same application untill the user has logged out , for sequrity purpose





Can you please explain how to use HttpSessionListener. This interface has just two methods sessionCreated( ) and sessionDestroyed() to tract the sessions so how can we use it to track multiple session for a same username and password.

Thanks,
[ August 02, 2006: Message edited by: Romi Dave ]
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Originally posted by Yogendra Joshi:


Well , Also there is an more easy way for this. Simply define the users in the tomcat-users.xml file. But as said by jaikiran if it is for the production server then the best would be Database.

Cheers.
Yogendra Joshi.


I am not sure but just guessing, those users will not be application specific, right??? or may be we can set application also for users...
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: sequre login in web based application