Security implementation - suggestions

Rajesh Khan
Ranch Hand

Joined: Oct 16, 2011
Posts: 230
I am currently deciding on a method to implement security in my project (i.e., whether a user has logged in or not). My current idea is setting up a session variable for a user if he has signed in: "loggedin" is true, and the username will also be available. Also, there will be a security filter, since all my secure JSP pages will be in a folder called "secure".
So if the filter determines that a request is for a page in that particular folder, it will look for the session object, and other servlets/pages will be able to access the username too. My second option is to use something like http://www.securityfilter.org/. Has anyone ever used it before? Does my idea sound sensible?
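The filter described in the post above, as an added example that is not part of the original thread or the poster's code. It assumes the `javax.servlet` API (Servlet 3.0 or later for `@WebFilter`), the session attribute names "loggedin" and "username" from the post, and a hypothetical login page at `/login.jsp`.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Assumption: protected JSPs live under /secure/ and the login code sets the
// session attributes "loggedin" (Boolean.TRUE) and "username", as in the post.
// The container applies the URL pattern, so the filter does not parse paths itself.
@WebFilter("/secure/*")
public class SecureFolderFilter implements Filter {

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): never create a session for an anonymous request.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null
                && Boolean.TRUE.equals(session.getAttribute("loggedin"))
                && session.getAttribute("username") != null;

        if (!loggedIn) {
            // "/login.jsp" is a hypothetical page name, not from the post.
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return; // stop here so the protected page is never rendered
        }

        // Keep authenticated pages out of browser and proxy caches.
        response.setHeader("Cache-Control", "no-store");
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

The filter only covers URLs under `/secure/`; a servlet mapped elsewhere that reads "username" from the session needs the same check or its own mapping. The login code should also issue a fresh session ID on successful sign-in (for example `request.changeSessionId()` on Servlet 3.1) so a pre-login session ID cannot be reused.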
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Security is a huge subject with many facets. Before thinking about how you're going to implement it, you need to think about what you're trying to protect against - what are the most likely attacks, and which ones are most costly if they occur? That should drive the decisions about implementation. There are a number of useful links concerning web app security at http://www.coderanch.com/how-to/java/SecurityFaq#web-apps
 