
Form-based authentication implementation

Ranch Hand
Posts: 67
Hi, I plan to create a website with a login page using form-based authentication. I'm using Tomcat as a stand-alone application server for learning. I see that I can add a user and role inside Tomcat_user_role.xml (not sure of exact name) file so that the server would use that to check against when the user inputted in the user/password input fields. However, I see other programmers (.NET) do not use XML for their user/password or role entries because they store them in the database and dynamically add roles inside their web app. Somehow, they also use form authentication this way: User inputs username/password --> They click submit and a class verifies the user against the database --> If valid, they tell their framework that the user is valid and the framework allows them to login. This sequence was used by a .NET programmer, I assume we can do the same in Java.

I was wondering what the best approach is for my project. I'm a little lost right now, I'm relatively new in web development, so please reply with as much detail as possible (good tutorial links are good too).

Thanks so much,
[ July 26, 2006: Message edited by: Bear Bibeault ]
Posts: 1845
The relevant page in the Tomcat docs would be: http://tomcat.apache.org/tomcat-5.0-doc/realm-howto.html

It describes "Realms" which are basically different ways of looking up usernames/passwords/roles to do the authentication.
You are currently using a "Memory Realm" - loaded into memory from an XML file.
If you want to use a database, you need to configure a "JDBC Realm" defining the database.

The nice thing about this is, it doesn't matter which realm you configure your application to use, the rest of the code remains the same.

Hope this helps,
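
The realm swap described in the reply above, as an added configuration example that is not part of the original posts or of the Tomcat documentation. The driver class, connection URL, database account, table and column names, role name and page paths are constructed sample values.

```xml
<!-- conf/server.xml, inside <Engine>, <Host> or <Context>: configure ONE realm -->

<!-- Memory realm: users and roles are loaded from an XML file at startup -->
<!--
<Realm className="org.apache.catalina.realm.MemoryRealm"/>
-->

<!-- JDBC realm: users and roles are looked up in database tables, so the
     application can add users and roles at run time by writing rows.
     The role table must also carry the user_name column. -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost/authdb"
       connectionName="realm_reader"
       connectionPassword="CHANGE_ME"
       userTable="users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name"
       digest="SHA-256"/>
<!-- digest: user_pass holds a hex digest instead of the cleartext password.
     The value is an algorithm name accepted by java.security.MessageDigest.
     Without this attribute the realm compares cleartext passwords.
     realm_reader only needs SELECT on the two tables. -->

<!-- WEB-INF/web.xml: unchanged whichever realm is configured above -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Members area</web-resource-name>
    <url-pattern>/members/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>member</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>member</role-name>
</security-role>
```

The login page named in form-login-page posts the fields j_username and j_password to the action j_security_check; the container, not application code, then checks them against the configured realm.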