Last week, we had the author of TDD for a Shopping Website LiveProject. Friday at 11am Ranch time, Steven Solomon will be hosting a live TDD session just for us. See for the agenda and registration link
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

storing password into session with filters

 
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, Let's say i have the following filter for some jsp pages I have:



This code I intend to use to validate the pages so that the user won't enter any page without a password.

However it got me thinking, how do I start a password into a session? or better yet is it a good idea? what other alternative do i have?

Thanks,
 
Ranch Hand
Posts: 1211
Mac IntelliJ IDE
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Why not have a login page, that does the login and sets a 'validated' session attribute.
Then, in the filter, if 'validated' attribute is not present, send the user to the login page.
 
Ali Khalfan
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you for your reply,

but can you clarify what a 'validated' session is?
 
Sonny Gill
Ranch Hand
Posts: 1211
Mac IntelliJ IDE
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ohh..I meant any session attribute that is only set on the login page, and so , if found in session, means that this user is already validated.
I will probably use a session attribute with name 'validated' and value Boolean.TRUE
 
Ranch Hand
Posts: 544
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I would suggest using the Security features which Servlet Specs provides you.
You can use <login-config> element to configure a FORM based authentication with login.jsp as the login form. You can secure the resources which you want user to access only in logged-in state using <security-constraint> element in web-app.
Please have a look at Servlet specs or any good tutorial on the web about this.
regards,
Amit
 
Ali Khalfan
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
amit,

that would be a good idea if i can integrate to a database, however, from what i've seen from the servlet specs is that users are to be defined in the web.xml file.
 
Sheriff
Posts: 67637
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Ali Khalfan:
is that users are to be defined in the web.xml file.


Only if you want to. I choose not to and, like amit, use a database for more fine-grained control over the entire authentication and role/permission management aspect of user management.

Using the spec-defined authentication schemes is an option, not a requirement.
 
Ali Khalfan
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
can someone help me out here.

I don't want to use anything proprietary here like tomcat or ibm or JBOSS. Is there anyway I can use it just with servlets for example


thanks,
 
author & internet detective
Posts: 41086
848
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Ali Khalfan:
can someone help me out here.

I don't want to use anything proprietary here like tomcat or ibm or JBOSS. Is there anyway I can use it just with servlets for example


A database isn't proprietary. Whenever a user logs in, you go to the database to validate their username/password combination. If it is correct, you set a boolean attribute in the session (the validated attribute mentioned above.)
 
Ali Khalfan
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Jeanne, I'm not saying that databases are proprietary, I'm just saying that all methods I've found are always related to a web engine. For example IBM or tomcat.

I'm just trying to find more info on how to apply this validation thing without a filter

Thanks,
 
This guy is skipping without a rope. At least, that's what this tiny ad said:
free, earth-friendly heat - a kickstarter for putting coin in your pocket while saving the earth
https://coderanch.com/t/751654/free-earth-friendly-heat-kickstarter
reply
    Bookmark Topic Watch Topic
  • New Topic