File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes Security implementation - suggestions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Security implementation - suggestions" Watch "Security implementation - suggestions" New topic
Author

Security implementation - suggestions

Rajesh Khan
Ranch Hand

Joined: Oct 16, 2011
Posts: 230
I am currently deciding on a method to implement security in my project. (i.e) if a user has logged in or not. My current idea is
setting up a session variable of a user if he has signed in "loggedin" is true and also username will be available. Also there will be a security filter since all my secure jsp pages will be in a folder called "secure".
So if the filter determines that a request is for a page in that particular folder it will look for the session object and other servlets/pages will be able to access the username too.. My second option is to usesomething like
http://www.securityfilter.org/ Has anyone ever used it before ?? Does my idea sound sensible ??
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Security is a huge subject with many facets. Before thinking about how you're going to implement it, you need to think about what you're trying to protect against - what are the most likely attacks, and which ones are most costly if they occur? That should drive the decisions about implementation. There are a number of useful links concerning web app security at http://www.coderanch.com/how-to/java/SecurityFaq#web-apps
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Security implementation - suggestions
 
Similar Threads
Struts Auth RBAC Question
Security Mechanism suggestion?
What do you think of my filter ?
Webapp user login/security
how to redirect to success page in tomcat using its lapd configuration