File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Security implementation - suggestions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Security implementation - suggestions" Watch "Security implementation - suggestions" New topic

Security implementation - suggestions

Rajesh Khan
Ranch Hand

Joined: Oct 16, 2011
Posts: 230
I am currently deciding on a method to implement security in my project. (i.e) if a user has logged in or not. My current idea is
setting up a session variable of a user if he has signed in "loggedin" is true and also username will be available. Also there will be a security filter since all my secure jsp pages will be in a folder called "secure".
So if the filter determines that a request is for a page in that particular folder it will look for the session object and other servlets/pages will be able to access the username too.. My second option is to usesomething like Has anyone ever used it before ?? Does my idea sound sensible ??
Tim Moores

Joined: Sep 21, 2011
Posts: 2413
Security is a huge subject with many facets. Before thinking about how you're going to implement it, you need to think about what you're trying to protect against - what are the most likely attacks, and which ones are most costly if they occur? That should drive the decisions about implementation. There are a number of useful links concerning web app security at
I agree. Here's the link:
subject: Security implementation - suggestions
It's not a secret anymore!