Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

confusion regarding authentication

 
B Misra
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In HFSJ(2nd ed.) in page 688 it says 'when you are using declarative authentication , the client never makes any direct request for the login' - and there is explain that way you can ensure that login information can always be made sure to be transported through SSL.

But what about the web applications where user generally have to login even before actually start using the application.
How to ensure that the first request containing login information will be protected as the user will put the information in the very first screen which might be ...xxxx/login.jsp
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How to ensure that the first request containing login information will be protected as the user will put the information in the very first screen which might be ...xxxx/login.jsp


That's what they mean by 'when you are using declarative authentication , the client never makes any direct request for the login'. If the client access a protected resource, he will be asked to login. So if you protect all resources, the client will have to login at least once before accessing any page.
 
B Misra
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Christophe Verré wrote:
How to ensure that the first request containing login information will be protected as the user will put the information in the very first screen which might be ...xxxx/login.jsp


That's what they mean by 'when you are using declarative authentication , the client never makes any direct request for the login'. If the client access a protected resource, he will be asked to login. So if you protect all resources, the client will have to login at least once before accessing any page.


Thanks for reply, but I wish to know what happens in the web applications (jsp-servlet tech) we come across everyday where we have to log-in first , more precisely the first page itself is a login jsp . Instead of declarative authentication what is used there?
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Instead of declarative authentication what is used there?

It is declarative authentication. If you access a protected resource, and you use a FORM authentication, the container will redirect you to the login page automatically. For example:

This will force any access to the web application to be redirected to the login page if the user is not yet authenticated.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic