Serving content based on authenticated roles

 
marten kay
Hi

I would like my users to authenticate (username/password) from the home page (index.html), or one click from the home page to use SSL. When the user is authenticated I would like the server to look up the user's role in a role table and serve them with content specific to that role (or to send them to a session-based role selector page if they have more than one role).

I'm considering Container Managed Security (CMS) using form-based authentication with DataSourceRealm and SSL on the server side.

However, when using CMS the user is directed to the form-login-page only when the user tries to access a constrained resource or servlet. So CMS acts more like a hurdle, while I would like it to act a little more proactively.

Any clues on how I can get a user to authenticate before they try to access a constrained resource, and then serve them content based on their authentication details? (Using Ajax would be preferred).

Thanks

Marten





 
Kumar Raja
marten kay wrote:

Hi

I would like my users to authenticate (username/password) from the home page (index.html), or one click from the home page to use SSL. When the user is authenticated I would like the server to look up the user's role in a role table and serve them with content specific to that role (or to send them to a session-based role selector page if they have more than one role).

I'm considering Container Managed Security (CMS) using form-based authentication with DataSourceRealm and SSL on the server side.

However, when using CMS the user is directed to the form-login-page only when the user tries to access a constrained resource or servlet. So CMS acts more like a hurdle, while I would like it to act a little more proactively.

Any clues on how I can get a user to authenticate before they try to access a constrained resource, and then serve them content based on their authentication details? (Using Ajax would be preferred).

Thanks

Marten


Marten, how is your security constraint defined in web.xml? I mean to ask, what are the resources in your webapp that you are constraining?
 
marten kay

Hi Kumar

I am still in the design stages, so I can't give my web.xml example at the moment. However, the scenario is this: the application is for teachers testing students, so whenever a teacher logs in, the page they see must be different to when the student logs in, and when the student logs in they should not be able to access the teacher's servlets or JSPs.

My current thinking is to implement authentication myself and to have all requests to the app come through one servlet that authenticates (when details are entered by the user from index.jsp) and then, based on roles found during authentication, the request is delegated to an object to process the request. For future requests, the request would come through the same single servlet, where the authority for the user is checked before delegating the request to an object to process. This seems simple enough to do, but I'm not too sure if it's a good idea to implement all security myself.

Marten
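
One way to get the proactive login and role-based landing page asked about in this thread while leaving authentication to the container, shown as an added example that is not part of the original posts. It assumes the home page's "Log in" link points at a hypothetical /home servlet, that web.xml (not shown) declares form-based login and constrains /home, /teacher/* and /student/*, and that the roles are named teacher and student; all paths and JSP names are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical landing servlet, mapped to /home in web.xml (assumed).
// Because /home is a constrained resource, following the "Log in" link
// makes the container show the form-login page first; this code only
// runs once the container has authenticated the user.
public class RoleLandingServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Fail closed if the constraint on /home is missing or misconfigured.
        if (req.getUserPrincipal() == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Roles come from the realm's role table via the container.
        boolean teacher = req.isUserInRole("teacher");
        boolean student = req.isUserInRole("student");

        String target;
        if (teacher && student) {
            target = "/chooseRole.jsp";      // more than one role: role selector page
        } else if (teacher) {
            target = "/teacher/home.jsp";
        } else if (student) {
            target = "/student/home.jsp";
        } else {
            // Authenticated but holds no role this application knows about.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Redirect instead of RequestDispatcher.forward(): security
        // constraints are checked on the new request, whereas a forward
        // is not subject to them. A student who types a /teacher/* URL
        // directly is still refused by the container, not by this servlet.
        resp.sendRedirect(req.getContextPath() + target);
    }
}
```

The servlet only chooses where to send the user; the check that keeps students out of the teacher's servlets and JSPs stays in the web.xml constraints, so it does not depend on every request passing through this class.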

 