I am currently deciding on a method to implement security in my project. (i.e) if a user has logged in or not. My current idea is
setting up a session variable of a user if he has signed in "loggedin" is true and also username will be available. Also there will be a security filter since all my secure jsp pages will be in a folder called "secure".
So if the filter determines that a request is for a page in that particular folder it will look for the session object and other servlets/pages will be able to access the username too.. My second option is to usesomething like
http://www.securityfilter.org/ Has anyone ever used it before ?? Does my idea sound sensible ??
Security is a huge subject with many facets. Before thinking about how you're going to implement it, you need to think about what you're trying to protect against - what are the most likely attacks, and which ones are most costly if they occur? That should drive the decisions about implementation. There are a number of useful links concerning web app security at http://www.coderanch.com/how-to/java/SecurityFaq#web-apps