
What is HTTP based authentication and session handling

 
Chiran Mathur
Ranch Hand
Posts: 63
What is HTTP based authentication and how do I do it?
I have a customer whom I need to authenticate based on some mechanism and also, once authenticated, for each subsequent request sent by the customer I need to make sure that it is coming from my customer. Now the customer has many different users, so each one will be making a different request. What is the best way to get this done?
I was told I need to do HTTP based authentication and then pass some kind of generic id for the customer which the customer could send in subsequent requests.
Can someone please clarify?
 
Kyle Tang
Ranch Hand
Posts: 78
You are saying that multiple users at different places (using different browsers) may be using the same account (login/passwd), and at the same time, right? Is that what you mean?
HTTP authentication is defined by <auth-method> in your web.xml; you also need to define <security-constraint> to define the URLs that need to be protected. And you need to set up the user login/passwd database for your web container.
After a user has logged in (this is handled by HTTP and the web container, you don't have to worry about it), you use request.getRemoteUser() or getUserPrincipal().getUser(), and you get the user login.
This user login would be the ID. You may put the ID into the session, so if the same user sends more requests, later requests will have the ID in the session. You know who he is.
But since there may be multiple users using different browsers, each of them will have its own session object. You need to be careful with that. One sure thing is, as long as the login name is not changed, the ID attribute in all these sessions has the same value. You can count on that to do something for that "customer".
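
A deployment descriptor for the setup described in the reply above, as an added example that is not part of either post: container-managed BASIC authentication on a protected URL space, restricted to HTTPS because BASIC sends the credentials with every request in an easily decoded form. The URL pattern `/api/*`, the role name `customer`, the realm name and the 15-minute timeout are assumptions; the users and their roles are defined in the container's own user store, which is not shown.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

  <!-- Which URLs are protected and who may reach them. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Customer API</web-resource-name>
      <!-- Assumed path. No <http-method> is listed, so every method is covered;
           listing only GET/POST would leave the other methods unprotected. -->
      <url-pattern>/api/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Assumed role; it must be mapped to users in the container's user store. -->
      <role-name>customer</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- The container redirects or rejects plain-HTTP requests to these URLs. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- How the container asks for credentials. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Customer API</realm-name>
  </login-config>

  <security-role>
    <role-name>customer</role-name>
  </security-role>

  <!-- Each browser gets its own session; keep the session id out of URLs
       and out of reach of page scripts, and send it over HTTPS only. -->
  <session-config>
    <session-timeout>15</session-timeout>
    <cookie-config>
      <http-only>true</http-only>
      <secure>true</secure>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>
</web-app>
```

With this in place, a servlet mapped under `/api/*` only runs for an authenticated caller, and `request.getRemoteUser()` returns that caller's login name on every request.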
 