The pet store manages user accounts in the application layer. It does not use any of the three login mechanisms specified by the J2EE platform (HTTP basic authentication, SSL authentication, or form-based login). The SignOnFilter configuration file signon-config.xml defines both the signon page URL and which pages in the application are protected. SignOnFilter have access to the SignOnEJB session bean, and that the SignOnEJB have access to the User entity bean. But no WAF classes in between like WebController (WC) or EJBController (EC) or ServiceLocator.
LogOnView --> SignOnFilter --> SignOnEJB --> User
Why is it so..any comments?
SCJP 1.5, SCEA, ICED (287,484,486)
posted 12 years ago
I did not use standard login either. You can do login with Servlet filter. It is a very common way of doing.
1) Divide your page into 2 group under 2 directory, public and private. 2) Put a filter, to filter condition to access private directory is Session object USERID exists. 3) If Session object USERID does not exist, go to login page. 4) Search itinerary is in public place. 5) Pay, list, confirm is in private place.
Compare with stardard way, this approach give you total control of the login process, you can also add some profile cache in the login.
It also has good portability, since you does not use any container provided service.
But after all, it is the same as standard login. Since the standard login is also based on some kind of filter, you do not see it, since it is done by the container.
SCEA<br />SCJP SCJD SCWCD SCBCD
What are you doing? You are supposed to be reading this tiny ad!
the new thread boost feature brings a LOT of attention to your favorite threads