File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Form-based authentication implementation

 
Carmen Brianick
Ranch Hand
Posts: 67
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, I plan to create a website with a login page using form-based authentication. I'm using Tomcat as a stand-alone application server for learning. I see that I can add a user and role inside Tomcat_user_role.xml (not sure of exact name) file so that the server would use that to check against when user inputed in the user/password input fields. However, I see other programmers (.NET) do not use xml for their user/password or role entries because they store them in the database and dynamically add roles inside their web app. Somehow, they also use form authentication this way: User inputs username/password --> They click submit and a class verifies the user against the database --> If valid, they tell their framework that the user is valid and the framework allows them to login. This sequence was used by a .NET programmer, I assume we can do the same in Java.

I was wondering what the best approach is for my project. I'm a little lost right now, I'm relatively new in web developement, so please reply with as much detail as possible (good tutorial links are good too).

Thanks so much,
Carmen
[ July 26, 2006: Message edited by: Bear Bibeault ]
 
Stefan Evans
Bartender
Posts: 1640
9
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The relevant page in the Tomcat docs would be: http://tomcat.apache.org/tomcat-5.0-doc/realm-howto.html

It describes "Realms" which are basically different ways of looking up usernames/passwords/roles to do the authentication.
You are currently using a "Memory Realm" - loaded into memory from an XML file.
If you want to use a database, you need to configure a "JDBC Realm" defining the database.

The nice thing about this is, it doesn't matter which realm you configure your application to use, the rest of the code remains the same.

Hope this helps,
evnafets
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic