Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

FORM authentication

 
Felix Li
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have implemented an app using FORM auth method and it is working well. BUT, I still have questions

How is the container actually handling it in the background? If I have map report.jsp to use the FORM login method, would the container ask me EVERYTIME when I am directed to report.jsp no matter it is from the url, response.redirect() or requestDispatcher? if this is the case, then it must be a heck of a confusion if I were to map the url-pattern to /* !!! That means everytime I enter ANY pages, I am being prompted back to login.jsp to login!

Soooooo..... I suppose the container is making use of the sessionnnnnnnnnn......

Greatly appreciated if someone point me to the right direction. Thanks in advance.

Felix
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That means everytime I enter ANY pages, I am being prompted back to login.jsp to login!

Of course, you will be prompted only once The container will keep the user's Principal in his pocket. Some information are given in the servlets specification, SRV.12.5.3.1 Login Form Notes :

Form based login and URL based session tracking can be problematic to implement. Form based login should be used only when sessions are being maintained by cookies or by SSL session information.

If the user is authenticated using form login and has created an HTTP session, the timeout or invalidation of that session leads to the user being logged out in the sense that subsequent requests must cause the user to be re-authenticated..
[ October 16, 2008: Message edited by: Christophe Verre ]
 
Felix Li
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Christophe. You just got the answer I needed.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic