Best Practices for Form Based Login

 
Greenhorn
Posts: 11
Hi all,

I'm a newbie in the J2EE world and I read about form-based authentication using j_security_check.
I tried it and all works fine :-)
Now, I would like to know what the better practice is in a production environment to authenticate users.
Is j_security used in a production environment?
Can you point me to any websites that use this kind of authentication?
What are the alternative APIs used in this context?
Thanks all in advance for your precious help

Rosanero4ever
 
Greenhorn
Posts: 25
Hey mate,

You should read the security chapter of the Head First SCWCD book! It really explains in a very visual way what the options around are and what the pros and cons are.

I've also found a link to something that might help you: some Oracle page

Let me know what you think of it.


Have a nice one,

Ricky
 
Salvo Montalbano
Greenhorn
Posts: 11
Hi Ricardo,

I read just this chapter, but it talks about the four types of authentication: basic, digest, client-cert, form.
Form login is provided using the j_security_check servlet of the container.
I would like to know if there is any other way to have a form-based login and what the best practice is to perform a login method.
Then, I would like to see a website (in a production environment) that uses j_security_check. Do you know any?
Thanks again for your time
 
Ricardo Espírito Santo
Greenhorn
Posts: 25
Oh ok I got what you need...

I thought you were trying to understand how it would work conceptually.

In that case, try using Google Code Search to look up forms that use those fields: Google Code Search with the j_security_check query

Hope that helps ;)
 
Salvo Montalbano
Greenhorn
Posts: 11
Thanks for your link.
Do you know alternative techniques to j_security_check in order to perform authentication?
Thank you very much
 
Ricardo Espírito Santo
Greenhorn
Posts: 25
Well, at the minute we are developing a web app with JBoss Seam 2 and tweaked the auth mechanism to perform authentication against both our LDAP and an internal JPA mechanism. The actual form itself is just a regular form, but we also have the production site on HTTPS to make an eavesdropper's job difficult. As for the actual password, it is encoded with a standard one-way system; the cipher and password hash are salted and stored both locally and on the LDAP system =)
 
Salvo Montalbano
Greenhorn
Posts: 11
I apologize for my questions (perhaps too many questions)...
So, do you use authentication based on j_security_check or on your own custom servlet?
I'm using, at the moment, the j_security_check servlet, and the list of my users/roles is in a MySQL database.
Thanks again!
 
Ricardo Espírito Santo
Greenhorn
Posts: 25
No worries mate, this is a forum after all; it's made for questions.

No, I do not use j_security_check. It's not even a servlet. It's something else...
 