FORM authentication

 
Ranch Hand
Posts: 38
I have implemented an app using the FORM auth method and it is working well. BUT, I still have questions.

How is the container actually handling it in the background? If I have mapped report.jsp to use the FORM login method, would the container ask me EVERY TIME I am directed to report.jsp, no matter whether it is from the URL, response.redirect() or requestDispatcher? If this is the case, then it must be a heck of a confusion if I were to map the url-pattern to /* !!! That means every time I enter ANY page, I am being prompted back to login.jsp to log in!

Soooooo..... I suppose the container is making use of the sessionnnnnnnnnn......

It would be greatly appreciated if someone could point me in the right direction. Thanks in advance.

Felix
 
Sheriff
Posts: 14691

That means every time I enter ANY page, I am being prompted back to login.jsp to log in!


Of course, you will be prompted only once. The container will keep the user's Principal in his pocket. Some information is given in the servlet specification, SRV.12.5.3.1 Login Form Notes:

Form based login and URL based session tracking can be problematic to implement. Form based login should be used only when sessions are being maintained by cookies or by SSL session information.

If the user is authenticated using form login and has created an HTTP session, the timeout or invalidation of that session leads to the user being logged out in the sense that subsequent requests must cause the user to be re-authenticated.
[ October 16, 2008: Message edited by: Christophe Verre ]
 
Felix Li
Ranch Hand
Posts: 38
Thanks Christophe. You just got the answer I needed.
 