Pop up URL authentication

 
Greenhorn
Posts: 4
Hi,

I need to know how a URL can be authenticated using JavaScript/HTML with a pop up appearing.

For example, if there is a page called "abc.jsp" and I click on the link that takes to "abc.jsp", I should get a pop up asking the username/password which then is sent to the server to authenticate the user. If the user is authenticated, "abc.jsp" is displayed. Else, he is redirected to the Error page with a message stating he is not authorized.

How can I achieve this? Please help me.


Thanks in advance.
 
Bartender
Posts: 10336
Why JavaScript?

It's pretty simple (though also simplistic) to have a condition in a JSP whereby if not authenticated render some JavaScript that does just what you ask.
 
Vishwas Shashidhar
Greenhorn
Posts: 4
Thanks for the suggestion Paul.

But the kind of design we have done is pretty sophisticated.

We don't do any logical operations in a JSP, everything is taken care by Servlets and traditional Java classes.

Let me explain the exact logic I'm looking to implement.

There is a JSP called "home.jsp". And there are links to navigate to different pages from this page. Certain operations can be performed only by an administrator. For example, if I want to delete the data of a student, I click on the "DeleteStudent.jsp" link. Our initial approach was to pass the Student name to the servlet, keep it in a session, redirect the user to the authentication page, authenticate him and then delete the data. But I thought this involved too many operations and pages.

Since I've seen so many sites in which if I hit a URL, a pop-up appears and once I'm authenticated, I can access the page.

I didn't get to know how to implement this using a JavaScript as in a JS Popup, the password is not masked which is a huge concern.

So, please let me know how I can take this further.

Hope you have understood the scenario.

Thanks in advance again.
 
Paul Sturrock
Bartender
Posts: 10336


> There is a JSP called "home.jsp". And there are links to navigate to different pages from this page. Certain operations can be performed only by an administrator. For example, if I want to delete the data of a student, I click on the "DeleteStudent.jsp" link. Our initial approach was to pass the Student name to the servlet, keep it in a session, redirect the user to the authentication page, authenticate him and then delete the data. But I thought this involved too many operations and pages.

Any reason you don't authenticate the user and only display operations they can perform? Seems like a far easier option.

> Since I've seen so many sites in which if I hit a URL, a pop-up appears and once I'm authenticated, I can access the page.

That popup is unlikely to be JavaScript. What you are more likely seeing is the standard callback handler supplied by the browser.

> I didn't get to know how to implement this using a JavaScript as in a JS Popup, the password is not masked which is a huge concern.

Masking what data is entered in a field is fairly trivial to do in JavaScript. I'm just not seeing why JavaScript is needed here at all. Standard form-based authentication will behave (almost) as you require, the only difference being it's not a popup you'll hit when you access a resource within a security constraint as an unauthenticated user.
 
Ranch Hand
Posts: 558
Paul,

I'm just curious if you are suggesting to implement the web security features provided by specifications using realms and security constraints in deployment descriptor. This seems to be the pretty straightforward approach. Did I misunderstand the question?
 
Paul Sturrock
Bartender
Posts: 10336
That's exactly what I'm suggesting, for the reason you mention, Kumar: it seems to be the straightforward way of resolving this. I'm curious if Vishwas has a compelling reason to use JavaScript.
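
Added example, not part of the original thread or any poster's code: a `web.xml` fragment for the container-managed approach discussed above, with form-based login next to the BASIC setting that produces the browser's own credential dialog. `DeleteStudent.jsp` is the page named in the thread; the role name `admin`, the `/admin/*` servlet mapping, the realm name and the login/error page paths are assumptions.

```xml
<!-- WEB-INF/web.xml fragment (added example; names marked below are assumptions) -->

<!-- Protect the admin-only resources. No <http-method> is listed, so the
     constraint applies to every HTTP method, not only GET and POST. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Student administration</web-resource-name>
    <!-- Cover the servlet that performs the delete as well as the JSP;
         /admin/* is a hypothetical mapping for that servlet. -->
    <url-pattern>/DeleteStudent.jsp</url-pattern>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name> <!-- assumed role name -->
  </auth-constraint>
  <!-- Credentials and the session cookie travel over TLS only. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- FORM: the container sends an unauthenticated request to the login page,
     then continues to the originally requested resource on success. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>      <!-- assumed path -->
    <form-error-page>/loginError.jsp</form-error-page> <!-- assumed path -->
  </form-login-config>
</login-config>

<!-- BASIC alternative: this is the setting that makes the browser show its
     own username/password dialog. A web.xml carries one login-config only.
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Student Admin</realm-name>
</login-config>
-->

<security-role>
  <role-name>admin</role-name>
</security-role>
```

With FORM login, the login page posts to `j_security_check` with the fields `j_username` and `j_password`; an `<input type="password">` field is masked by the browser without any JavaScript.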
 
Vishwas Shashidhar
Greenhorn
Posts: 4
Thanks a lot for the input Paul.

Yes, I am pretty much clear now. I will mostly use the form based authentication.

The part where you say only authorized people (admin) should access the page, I've implemented that as well.

It's just that I want to give double security for a "DELETE" operation as the consequences would be severe if the admin does it mistakenly and all the data is lost. Which is why I am including a second password for the same purpose to make sure the admin is aware of the thing.

Your input was really helpful. Cheers
 