Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Security filter question  RSS feed

 
Gavi Raaghav
Ranch Hand
Posts: 82
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Since the request from the client is first intercepted by the filter how can it sauthenticate the user since there is no info available bout the user.Do i need to call the database from the doFilter method to validate the credentials? If yes then whats the use of using the security filter as this task can be done without it as well?
 
Pedro Gongora
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
the idea of security filter is that you can encapsulate security outside of your servlets/jsps.

By itercepting every request, filter can verify if the user already established a session with the system, if not, you can redirect to a login screen and validate user credentials (via database, ldap, etc.) before the user access any secured content.

That way, you can code your servlets an jsps "ignoring" security, trusting filters authentication. This scheme makes your app more maintainable and easy to code and understand.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you're using container managed security, there is no need for one.

If you're implementing your own security, a filter is a very easy way to check for the needed session objects or redirect to the login screen for every request without having to paste the same code into every servlet/jsp.
 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!