File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Alternative to Container Managed Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Make it so: Java DB Connections & Transactions this week in the JDBC forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Alternative to Container Managed Authentication" Watch "Alternative to Container Managed Authentication" New topic

Alternative to Container Managed Authentication

Michael Viloria

Joined: May 12, 2009
Posts: 1

I'm trying implement a custom authentication for my application.
What is the best way to do this without using declarative container security?
I do not want to use JAAS authentication either.
Are there any open source projects that I can study for this?
I think I would be able to do it using ServletRequestListeners and filters but I would like to see an actual application that has already implemented this.

Thanks for reading.

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42959
Welcome to JavaRanch.

Two packages you could look into are and The former puts a layer on top of JAAS that makes it easier to use for web apps, while the latter is a servlet filter that mimics container-managed authentication without the setup hassle.

I prefer a custom approach as well these days, since container-manages security rarely does all the things I need it to do. Once you've written a nice user management and login module, you can reuse it for other web apps later, so the initial investment pays off over time.
It is sorta covered in the JavaRanch Style Guide.
subject: Alternative to Container Managed Authentication
It's not a secret anymore!