aspose file tools*
The moose likes Servlets and the fly likes Alternative to Container Managed Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Alternative to Container Managed Authentication" Watch "Alternative to Container Managed Authentication" New topic
Author

Alternative to Container Managed Authentication

Michael Viloria
Greenhorn

Joined: May 12, 2009
Posts: 1
Hi!

I'm trying implement a custom authentication for my application.
What is the best way to do this without using declarative container security?
I do not want to use JAAS authentication either.
Are there any open source projects that I can study for this?
I think I would be able to do it using ServletRequestListeners and filters but I would like to see an actual application that has already implemented this.

Thanks for reading.

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41574
    
  54
Welcome to JavaRanch.

Two packages you could look into are https://sourceforge.net/projects/jguard and http://securityfilter.sourceforge.net/. The former puts a layer on top of JAAS that makes it easier to use for web apps, while the latter is a servlet filter that mimics container-managed authentication without the setup hassle.

I prefer a custom approach as well these days, since container-manages security rarely does all the things I need it to do. Once you've written a nice user management and login module, you can reuse it for other web apps later, so the initial investment pays off over time.


Ping & DNS - my free Android networking tools app
 
wood burning stoves
 
subject: Alternative to Container Managed Authentication