
Form-based authentication implementation

Carmen Brianick
Ranch Hand

Joined: Feb 23, 2006
Posts: 67
Hi, I plan to create a website with a login page using form-based authentication. I'm using Tomcat as a stand-alone application server for learning. I see that I can add a user and role inside Tomcat_user_role.xml (not sure of exact name) file so that the server would use that to check against when the user inputted in the user/password input fields. However, I see other programmers (.NET) do not use xml for their user/password or role entries because they store them in the database and dynamically add roles inside their web app. Somehow, they also use form authentication this way: User inputs username/password --> They click submit and a class verifies the user against the database --> If valid, they tell their framework that the user is valid and the framework allows them to login. This sequence was used by a .NET programmer, I assume we can do the same in Java.

I was wondering what the best approach is for my project. I'm a little lost right now, I'm relatively new in web development, so please reply with as much detail as possible (good tutorial links are good too).

Thanks so much,
[ July 26, 2006: Message edited by: Bear Bibeault ]
Stefan Evans

Joined: Jul 06, 2005
Posts: 1580
The relevant page in the Tomcat docs would be:

It describes "Realms" which are basically different ways of looking up usernames/passwords/roles to do the authentication.
You are currently using a "Memory Realm" - loaded into memory from an XML file.
If you want to use a database, you need to configure a "JDBC Realm" defining the database.

The nice thing about this is, it doesn't matter which realm you configure your application to use, the rest of the code remains the same.

Hope this helps,