Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes Servlets and the fly likes Alternative to Container Managed Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Alternative to Container Managed Authentication" Watch "Alternative to Container Managed Authentication" New topic
Author

Alternative to Container Managed Authentication

Michael Viloria
Greenhorn

Joined: May 12, 2009
Posts: 1
Hi!

I'm trying implement a custom authentication for my application.
What is the best way to do this without using declarative container security?
I do not want to use JAAS authentication either.
Are there any open source projects that I can study for this?
I think I would be able to do it using ServletRequestListeners and filters but I would like to see an actual application that has already implemented this.

Thanks for reading.

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41816
    
  62
Welcome to JavaRanch.

Two packages you could look into are https://sourceforge.net/projects/jguard and http://securityfilter.sourceforge.net/. The former puts a layer on top of JAAS that makes it easier to use for web apps, while the latter is a servlet filter that mimics container-managed authentication without the setup hassle.

I prefer a custom approach as well these days, since container-manages security rarely does all the things I need it to do. Once you've written a nice user management and login module, you can reuse it for other web apps later, so the initial investment pays off over time.


Ping & DNS - my free Android networking tools app
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Alternative to Container Managed Authentication