
Servlet-4b Question - password authentication architecture

Richard Broersma
Ranch Hand

Joined: Apr 28, 2009
Posts: 63

While attempting to solve the Servlets-4b assignment, I've noticed that my solution continues to become more and more convoluted and it still does not produce some of the desired results.

After reading the intent of the assignment, it seemed to me that the container's built-in authentication API or servlet filters could be well suited to solving this problem. However, the assignment deliverables did not show that these features are used as a solution. So I attempted to mimic filters by decorating/wrapping my application ActionHandler classes with a subclass containing authentication logic. My thought being, I didn't want to duplicate all of this code in each action handler, so instead I'd wrap the authentication logic around the application logic.

So everything works well up until a certain point. The Authentication sub-class .doAction() is called, the object detects that there is no authentication cookie set, so it forwards the ServletData object to the videologin.jsp rather than the action handler designated by the "action" in the ServletData request object.

The password is then entered by the user using the webpage rendered by the videologin.jsp, the container sends new request and response objects back to ActionServlet, which then finds the "login" action handler. The login action handler creates the cookie and adds it to the ServletData and then *forwards* the request/response objects to .... ??? Well, the login action handler doesn't know who called it, so it doesn't have another JSP to redirect its response to, and it doesn't know which action handler was responsible for its invocation. So at this point, I'm stuck.

However not wanting to hold up the rest of the assignment design for this little problem, I continued testing the login actionhandler by hard coding the "" in the forward and I set a desired "action" for testing in the ServletData object. But at this point I get errors emitted from the container once the forward() is processed.

So, does anyone have a little advice to offer on good design practices to use for password authentication using cookies? I probably wouldn't need to ask this question if I had more experience with Servlets.
Carol Murphy
village idiot

Joined: Mar 15, 2001
Posts: 1202
Servlets and JSPs were a real challenge for me. Reading up on the basics is a good idea! Have a look at the source code for ActionServlet in jr.jar. Then think about the assignment and what you need to do. What are the actions that can be performed from the login page? What needs to happen for each of those actions? Try starting there with the authentication stuff! And good luck!
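
Added example, not part of the thread and not the assignment's or jr.jar's code: one way for a login handler to know where to go next is for the authentication wrapper to record the requested action before showing videologin.jsp, and for the login handler to resume it only if it names a registered handler. The `ActionHandler` interface, the maps standing in for the request and session, the JSP names other than videologin.jsp, and the password are all hypothetical, and login state is kept in a server-side session map rather than in the cookie the post describes.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Hypothetical stand-ins: this is not the jr.jar ActionServlet/ServletData API.
public class LoginFlowDemo {
    interface ActionHandler {
        String doAction(Map<String, String> params, Map<String, Object> session); // returns the JSP to forward to
    }

    static final Map<String, ActionHandler> HANDLERS = new HashMap<>();
    static final String PASSWORD = "constructed-demo-password"; // constructed sample value

    // Decorator: run the wrapped handler only when the session is authenticated.
    static ActionHandler secured(String action, ActionHandler inner) {
        return (params, session) -> {
            if (Boolean.TRUE.equals(session.get("authenticated"))) {
                return inner.doAction(params, session);
            }
            session.put("pendingAction", action); // remember, server-side, what was asked for
            return "videologin.jsp";
        };
    }

    // Login handler: check the password, then resume the remembered action.
    static String login(Map<String, String> params, Map<String, Object> session) {
        byte[] given = params.getOrDefault("password", "").getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(given, PASSWORD.getBytes(StandardCharsets.UTF_8))) {
            return "videologin.jsp"; // wrong password: show the form again, keep pendingAction
        }
        session.put("authenticated", Boolean.TRUE);
        Object pending = session.remove("pendingAction");
        ActionHandler next = HANDLERS.get(pending); // only registered actions can be resumed
        return next == null ? "listvideos.jsp" : next.doAction(params, session);
    }

    public static void main(String[] args) {
        HANDLERS.put("addvideo", secured("addvideo", (p, s) -> "addvideo.jsp"));
        HANDLERS.put("login", LoginFlowDemo::login);
        Map<String, Object> session = new HashMap<>();
        Map<String, String> request = new HashMap<>();
        System.out.println(HANDLERS.get("addvideo").doAction(request, session)); // no login yet
        request.put("password", PASSWORD);
        System.out.println(HANDLERS.get("login").doAction(request, session)); // resumes addvideo
    }
}
```

Looking the pending action up in the handler table, instead of forwarding to whatever name or path arrived with the request, keeps the post-login destination limited to actions the application itself registered.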