This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes confusion regarding authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "confusion regarding authentication" Watch "confusion regarding authentication" New topic
Author

confusion regarding authentication

B Misra
Greenhorn

Joined: Jul 27, 2007
Posts: 22
In HFSJ(2nd ed.) in page 688 it says 'when you are using declarative authentication , the client never makes any direct request for the login' - and there is explain that way you can ensure that login information can always be made sure to be transported through SSL.

But what about the web applications where user generally have to login even before actually start using the application.
How to ensure that the first request containing login information will be protected as the user will put the information in the very first screen which might be ...xxxx/login.jsp
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

How to ensure that the first request containing login information will be protected as the user will put the information in the very first screen which might be ...xxxx/login.jsp


That's what they mean by 'when you are using declarative authentication , the client never makes any direct request for the login'. If the client access a protected resource, he will be asked to login. So if you protect all resources, the client will have to login at least once before accessing any page.


[My Blog]
All roads lead to JavaRanch
B Misra
Greenhorn

Joined: Jul 27, 2007
Posts: 22
Christophe Verré wrote:
How to ensure that the first request containing login information will be protected as the user will put the information in the very first screen which might be ...xxxx/login.jsp


That's what they mean by 'when you are using declarative authentication , the client never makes any direct request for the login'. If the client access a protected resource, he will be asked to login. So if you protect all resources, the client will have to login at least once before accessing any page.


Thanks for reply, but I wish to know what happens in the web applications (jsp-servlet tech) we come across everyday where we have to log-in first , more precisely the first page itself is a login jsp . Instead of declarative authentication what is used there?
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

Instead of declarative authentication what is used there?

It is declarative authentication. If you access a protected resource, and you use a FORM authentication, the container will redirect you to the login page automatically. For example:

This will force any access to the web application to be redirected to the login page if the user is not yet authenticated.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: confusion regarding authentication