Security and login

 
Ranch Hand
Posts: 57
Hi,

Could someone please explain to me how security is implemented?
What I mean is this scenario:

1) Someone accesses restricted resources, so ...
2) a login screen pops up asking for username and password
3) a user provides valid data and ...
4) finally can see the restricted resources
5) then clicks somewhere else, on some unrestricted resources
6) then goes back to the same restricted resources
7) and ... he doesn't have to provide any username and password!

That's what confuses me ... How can a container know that it is the
same person? Does the client (browser) add an additional header
with username and password to every request made after the first login, no
matter which authentication method was used (BASIC, DIGEST, etc.)?

Many thanks,

Adrian
 
Rancher
Posts: 43016
It depends on what kind of authentication is used. If it's BASIC, then it's the browser that remembers the credentials, and will send them in the HTTP headers for each subsequent access to that web site.

If you're using FORM, then there's most often a cookie involved, which will also be sent as an HTTP header with each access, until you log out.
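
The difference between the two mechanisms described above, as an added example that is not part of the original thread: a minimal in-memory Python model of what the container checks on each request. The account, realm name and `/login` path are constructed for illustration; `JSESSIONID` is the session cookie name servlet containers conventionally use.

```python
import base64, secrets

USERS = {"adrian": "s3cret"}   # constructed sample account
SESSIONS = {}                  # server-side state: session id -> user name

def check(user, pw):
    expected = USERS.get(user or "", "")
    return bool(expected) and secrets.compare_digest(expected.encode(), (pw or "").encode())

def basic_request(headers):
    """BASIC: the container keeps no login state and re-checks every request."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme == "Basic":
        try:
            user, _, pw = base64.b64decode(token).decode().partition(":")
        except ValueError:           # malformed base64 or non-UTF-8 bytes
            user = pw = ""
        if check(user, pw):
            return 200, {}
    return 401, {"WWW-Authenticate": 'Basic realm="demo"'}  # browser prompts

def form_login(user, pw):
    """FORM: credentials travel once; the reply sets a session cookie."""
    if not check(user, pw):
        return 401, {}
    sid = secrets.token_urlsafe(32)  # random id, contains no credentials
    SESSIONS[sid] = user
    return 200, {"Set-Cookie": f"JSESSIONID={sid}; HttpOnly; Secure"}

def session_id(headers):
    for part in headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "JSESSIONID":
            return value
    return None

def form_request(headers):
    """Later requests are recognised by the cookie alone, until logout."""
    return (200, {}) if session_id(headers) in SESSIONS else (302, {"Location": "/login"})

def logout(headers):
    SESSIONS.pop(session_id(headers), None)  # cookie is now worthless

def demo():
    basic = {"Authorization": "Basic " + base64.b64encode(b"adrian:s3cret").decode()}
    cookie = {"Cookie": form_login("adrian", "s3cret")[1]["Set-Cookie"].split(";")[0]}
    before = form_request(cookie)[0]
    logout(cookie)
    return [basic_request({})[0], basic_request(basic)[0], before, form_request(cookie)[0]]
```

With BASIC the password itself is in every request, so it is only as safe as the transport (use HTTPS); with FORM the thing to protect after login is the session id.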
 
Ranch Hand
Posts: 33
What opportunities are there to restrict access to some web resources (directories with images, CSS and so on) for users that are not logged in? If login is implemented in servlets and JSP, is a filter in web.xml good for this purpose? Or what solution is better? What solutions are good? Thanks.
 