About FORM based authentication

Abimaran Kugathasan
Ranch Hand

Joined: Nov 04, 2009
Posts: 2066

In the HFSJ book, it's mentioned as,
Note: If you're using Form-based authentication, be sure to turn on SSL or session tracking, or your Container might not recognize the login form when it's returned.


Why do we have to use SSL for this? I know session tracking is needed to track the user who asked for the restricted resource. But how do we use SSL for session tracking? SSL is used for secure transmission. For session tracking?

Thanks...


|BSc in Electronic Eng| |SCJP 6.0 91%| |SCWCD 5 92%|
Parth Twari
Ranch Hand

Joined: Jan 20, 2010
Posts: 163
SSL by itself can be used for both session tracking and secure transmission. Go to the specs and read about the ways in which the Container can perform session tracking.


Parth Tiwari
| Pursuing Bachelor of Engineering | OSUM Club Leader | SCJP 6 | SCWCD 5 |...
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1731
    

Hi Abimaran,
Note: If you're using Form-based authentication, be sure to turn on SSL or session tracking, or your Container might not recognize the login form when it's returned.
It is written in a rather difficult way, but read it like this:

If the container doesn't track sessions, the users can be asked to authenticate every time they request a URL which has a security-constraint (which is quite annoying).

SSL is used for secure transport, but it also comes with an extra feature of session tracking:

SRV.7.1.2 SSL Sessions
Secure Sockets Layer, the encryption technology used in the HTTPS protocol, has a built-in mechanism allowing multiple requests from a client to be unambiguously identified as being part of a session. A servlet container can easily use this data to define a session.

Regards,
Frits

 