Custom Authentication

 
Ranch Hand
Posts: 94
I have read how easy it is to use authentication in a servlet container by using <security-role> and whatnot. OK, it is easy but also fairly useless, since it doesn't allow for dynamic registration.

Is there an easy way to tell the container when a login is valid and what role they have if the sign-in and authentication is done using a custom program, so it can automatically handle authorization and things like cookies for all JSPs and servlets in the container?

For example, I store the hashed passwords, usernames and user level in some sort of database. When a user logs in, the data is sent to a program that checks the user data with the stored data. If the user is a valid user, then a cookie is created for the session and sent to the user, and then the container automatically handles everything from there, allowing access only when allowed given the user level.
 
Sheriff
Posts: 13411
For smaller apps, I use the container managed security (declarative security).

For larger, more complicated ones with situations such as the one you've described, I usually write my own (programmatic security).
 
Robert Hill
Ranch Hand
Posts: 94
OK, so I have to handle everything myself? That is fair enough, I just wanted to make sure I wasn't reinventing the wheel here. I don't mind rolling my own, I just get nervous about writing my own security based functions.
 
Ranch Hand
Posts: 2874

Originally posted by Robert Hill:
OK, so I have to handle everything myself? That is fair enough, I just wanted to make sure I wasn't reinventing the wheel here. I don't mind rolling my own, I just get nervous about writing my own security based functions.



Tip: You can use a filter for authentication stuff.
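
The filter approach suggested above, as an added example that is not part of the original thread. It assumes the javax.servlet API and a login servlet (not shown) that verifies the password hash against the database and then stores the user name and level in the session; the attribute names, the /login paths and the /admin/ prefix are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: programmatic security in a servlet filter.
// Assumption: after a successful login, the login servlet put "authUser" and
// "authLevel" (both Strings, hypothetical names) into the HttpSession.
public class AuthFilter implements Filter {
    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Container-normalized path inside the web application.
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);

        // The login page and login servlet must stay reachable (hypothetical paths).
        if (path.equals("/login.jsp") || path.equals("/login")) {
            chain.doFilter(rq, rs);
            return;
        }

        HttpSession session = req.getSession(false);   // do not create a session here
        final String user = session == null ? null : (String) session.getAttribute("authUser");
        final String level = session == null ? null : (String) session.getAttribute("authLevel");

        if (user == null) {                             // not logged in
            res.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }
        // Authorization by user level: /admin/ pages require level "admin".
        if (path.startsWith("/admin/") && !"admin".equals(level)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Expose the identity through the standard request API so JSPs and
        // servlets can call getRemoteUser() and isUserInRole() as usual.
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public String getRemoteUser() { return user; }
            @Override public boolean isUserInRole(String role) {
                return level != null && level.equals(role);
            }
        }, res);
    }
}
```

Map the filter to /* in web.xml so every JSP and servlet passes through it. The wrapper only feeds programmatic checks; <security-constraint> entries in web.xml are still evaluated by the container against its own realm, not against these session attributes.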
 
Ranch Hand
Posts: 2308

Originally posted by Robert Hill:
OK, so I have to handle everything myself? That is fair enough, I just wanted to make sure I wasn't reinventing the wheel here. I don't mind rolling my own, I just get nervous about writing my own security based functions.



You can use JAAS, but note that the authorization part is based on Java permissions.
 