• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Tim Cooke
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Devaka Cooray
  • Ron McLeod
  • paul wheaton
Saloon Keepers:
  • Tim Moores
  • Piet Souris
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Frits Walraven
  • Scott Selikoff

FORM authentication

 
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have implemented an app using FORM auth method and it is working well. BUT, I still have questions

How is the container actually handling it in the background? If I have map report.jsp to use the FORM login method, would the container ask me EVERYTIME when I am directed to report.jsp no matter it is from the url, response.redirect() or requestDispatcher? if this is the case, then it must be a heck of a confusion if I were to map the url-pattern to /* !!! That means everytime I enter ANY pages, I am being prompted back to login.jsp to login!

Soooooo..... I suppose the container is making use of the sessionnnnnnnnnn......

Greatly appreciated if someone point me to the right direction. Thanks in advance.

Felix
 
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

That means everytime I enter ANY pages, I am being prompted back to login.jsp to login!


Of course, you will be prompted only once The container will keep the user's Principal in his pocket. Some information are given in the servlets specification, SRV.12.5.3.1 Login Form Notes :

Form based login and URL based session tracking can be problematic to implement. Form based login should be used only when sessions are being maintained by cookies or by SSL session information.

If the user is authenticated using form login and has created an HTTP session, the timeout or invalidation of that session leads to the user being logged out in the sense that subsequent requests must cause the user to be re-authenticated..
[ October 16, 2008: Message edited by: Christophe Verre ]
 
Felix Li
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Christophe. You just got the answer I needed.
 
Eat that pie! EAT IT! Now read this tiny ad. READ IT!
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic