It's not a secret anymore!
The moose likes Servlets and the fly likes Alternative to Container Managed Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Alternative to Container Managed Authentication" Watch "Alternative to Container Managed Authentication" New topic

Alternative to Container Managed Authentication

Michael Viloria

Joined: May 12, 2009
Posts: 1

I'm trying implement a custom authentication for my application.
What is the best way to do this without using declarative container security?
I do not want to use JAAS authentication either.
Are there any open source projects that I can study for this?
I think I would be able to do it using ServletRequestListeners and filters but I would like to see an actual application that has already implemented this.

Thanks for reading.

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42958
Welcome to JavaRanch.

Two packages you could look into are and The former puts a layer on top of JAAS that makes it easier to use for web apps, while the latter is a servlet filter that mimics container-managed authentication without the setup hassle.

I prefer a custom approach as well these days, since container-manages security rarely does all the things I need it to do. Once you've written a nice user management and login module, you can reuse it for other web apps later, so the initial investment pays off over time.
I agree. Here's the link:
subject: Alternative to Container Managed Authentication
It's not a secret anymore!