About FORM based authentication

Abimaran Kugathasan
Ranch Hand

Joined: Nov 04, 2009
Posts: 2066

In the HFSJ book, it's mentioned as,
Note: If you're using Form-based authentication, be sure to turn on SSL or session tracking, or your Container might not recognize the login form when it's returned.


Why do we have to use SSL for this? I know session tracking is needed to track the user who asked for the restricted resource. But how do we use SSL for session tracking? SSL is used for secure transmission. For session tracking?

Thanks...


|BSc in Electronic Eng| |SCJP 6.0 91%| |SCWCD 5 92%|
Parth Twari
Ranch Hand

Joined: Jan 20, 2010
Posts: 163
SSL by itself can be used for session tracking and secure transmission. Go to the specs and read the ways by which the Container can perform session tracking.


Parth Tiwari
| Pursuing Bachelor of Engineering | OSUM Club Leader | SCJP 6 | SCWCD 5 |...
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper

Joined: Apr 07, 2010
Posts: 1999

Hi Abimaran,
Note: If you're using Form-based authentication, be sure to turn on SSL or session tracking, or your Container might not recognize the login form when it's returned.
It is written in a rather difficult way, but read it like this:

If the container doesn't track sessions, the users can be asked to authenticate every time they request a URL which has a security-constraint (which is quite annoying).

SSL is used for secure transport, but it also comes with an extra feature of session tracking:
SRV.7.1.2 SSL Sessions
Secure Sockets Layer, the encryption technology used in the HTTPS protocol, has a
built-in mechanism allowing multiple requests from a client to be unambiguously
identified as being part of a session. A servlet container can easily use this data to
define a session.

Regards,
Frits

 