Serving content based on authenticated roles

marten kay
Ranch Hand

Joined: Feb 03, 2007
Posts: 178

Hi

I would like my users to authenticate (username/password) from the home page (index.html), or one click from the home page to use SSL. When the user is authenticated I would like the server to look up the user's role in a role table and serve them with content specific to that role (or to send them to a session-based role selector page if they have more than one role).

I'm considering Container Managed Security (CMS) using form-based authentication with DataSourceRealm and SSL on the server side.

However, when using CMS the user is directed to the form-login-page only when the user tries to access a constrained resource or servlet. So CMS acts more like a hurdle, while I would like it to act a little more proactively.

Any clues on how I can get a user to authenticate before they try to access a constrained resource, and then serve them content based on their authentication details? (Using Ajax would be preferred).

Thanks

Marten






when in doubt put it in parenthesis and stick a dollar sign in front of it, only good can come from this.
Kumar Raja
Ranch Hand

Joined: Mar 18, 2010
Posts: 518

marten kay wrote:

Hi

I would like my users to authenticate (username/password) from the home page (index.html), or one click from the home page to use SSL. When the user is authenticated I would like the server to look up the user's role in a role table and serve them with content specific to that role (or to send them to a session-based role selector page if they have more than one role).

I'm considering Container Managed Security (CMS) using form-based authentication with DataSourceRealm and SSL on the server side.

However, when using CMS the user is directed to the form-login-page only when the user tries to access a constrained resource or servlet. So CMS acts more like a hurdle, while I would like it to act a little more proactively.

Any clues on how I can get a user to authenticate before they try to access a constrained resource, and then serve them content based on their authentication details? (Using Ajax would be preferred).

Thanks

Marten


Marten, how is your security constraint defined in web.xml? I mean to ask, what are the resources in your webapp that you are constraining?


Regards
KumarRaja

marten kay
Ranch Hand

Joined: Feb 03, 2007
Posts: 178


Hi Kumar

I am still in the design stages, so I can't give my web.xml example at the moment. However, the scenario is this: the application is for teachers testing students, so whenever a teacher logs in, the page they see must be different to when the student logs in, and when the student logs in they should not be able to access the teacher's servlets or JSPs.

My current thinking is to implement authentication myself and to have all requests to the app come through one servlet that authenticates (when details are entered by the user from index.jsp) and then, based on roles found during authentication, the request is delegated to an object to process the request. For future requests, the request would come through the same single servlet, where the authority for the user is checked before delegating the request to an object to process. This seems simple enough to do, but I'm not too sure if it's a good idea to implement all security myself.

Marten
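
An added example, not part of the original thread or any poster's code: one way to get the "proactive" login while staying on container-managed security is to point the home page's login link at a constrained entry servlet that dispatches by role after the container has authenticated the user. It assumes the Servlet 3.0 `javax.servlet` API, a `web.xml` that declares the FORM `login-config` and security constraints on `/teacher/*` and `/student/*`, and hypothetical role names and paths (`teacher`, `student`, `/home`, `/WEB-INF/chooseRole.jsp`).

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical post-login entry point. The "Log in" link on index.html points
// at /home; because this URL is constrained, the container runs the form login
// (over SSL) first and only then calls doGet().
@WebServlet("/home")
@ServletSecurity(@HttpConstraint(
        rolesAllowed = {"teacher", "student"},                  // assumed role names
        transportGuarantee = TransportGuarantee.CONFIDENTIAL))  // redirect to HTTPS
public class RoleHomeServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Roles come from the realm's role table, never from a request parameter.
        boolean teacher = req.isUserInRole("teacher");
        boolean student = req.isUserInRole("student");

        if (teacher && student) {
            // More than one role: show the selector. Keeping the JSP under
            // WEB-INF means it cannot be requested directly by a browser.
            req.getRequestDispatcher("/WEB-INF/chooseRole.jsp").forward(req, resp);
            return;
        }
        String target;
        if (teacher) {
            target = "/teacher/home.jsp";   // assumed path, constrained in web.xml
        } else if (student) {
            target = "/student/home.jsp";   // assumed path, constrained in web.xml
        } else {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Redirect rather than forward: security constraints are applied to
        // client requests, so the container re-checks the role on the target
        // URL, and a student who types /teacher/... is still refused.
        resp.sendRedirect(req.getContextPath() + target);
    }
}
```

The servlet only routes; access to the teacher and student areas is still enforced by the container's URL constraints, so no authorization logic has to be hand-written per request.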
