aspose file tools
The moose likes Servlets and the fly likes Alternative to Container Managed Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA Java SE 8 Programmer I Study Guide 1Z0-808 this week in the OCAJP forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Alternative to Container Managed Authentication" Watch "Alternative to Container Managed Authentication" New topic
Author

Alternative to Container Managed Authentication

Michael Viloria
Greenhorn

Joined: May 12, 2009
Posts: 1
Hi!

I'm trying implement a custom authentication for my application.
What is the best way to do this without using declarative container security?
I do not want to use JAAS authentication either.
Are there any open source projects that I can study for this?
I think I would be able to do it using ServletRequestListeners and filters but I would like to see an actual application that has already implemented this.

Thanks for reading.

Ulf Dittmer
Rancher

Joined: Mar 22, 2005
Posts: 42952
    
  73
Welcome to JavaRanch.

Two packages you could look into are https://sourceforge.net/projects/jguard and http://securityfilter.sourceforge.net/. The former puts a layer on top of JAAS that makes it easier to use for web apps, while the latter is a servlet filter that mimics container-managed authentication without the setup hassle.

I prefer a custom approach as well these days, since container-manages security rarely does all the things I need it to do. Once you've written a nice user management and login module, you can reuse it for other web apps later, so the initial investment pays off over time.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Alternative to Container Managed Authentication