Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

sequre login in web based application

 
divya chamarti
Ranch Hand
Posts: 56
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
will any body help me to tell how to store all the login details in a web-application form based using servlets/struts and how to show these details to user if he/she wants ,
and also the technique for :
if the authenticated user is using the application meanwhile no other persone , even if he is knowing the correct username and password , can use the same application untill the user has logged out , for sequrity purpose
 
Richard Green
Ranch Hand
Posts: 536
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Typically one would store the username and password in the database and when an user logs into the system, the credentials are checked against the database.

if the authenticated user is using the application meanwhile no other persone , even if he is knowing the correct username and password , can use the same application untill the user has logged out , for sequrity purpose

Have a look at javax.servlet.http.HttpSessionListener
 
divya chamarti
Ranch Hand
Posts: 56
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks Lynette
can you specify what do you mean by
when an user logs into the system, the credentials are checked against the database.
 
Jaikiran Pai
Marshal
Pie
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
can you specify what do you mean by
when an user logs into the system, the credentials are checked against the database


The information(username, password and the roles to which the user belongs) about all *valid* users in the application will be stored in tables in a database. Whenever a users tries logging into your application, you will check the username and password against the information present in the tables to authenticate the user.
 
Jaikiran Pai
Marshal
Pie
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
However, its not a hard and fast rule that you maintain the information in the database. If you are just trying out a sample application on authentication then you can have property files containing the username and password information. If its for a production application then you could go for database authentication
 
Yogendra Joshi
Ranch Hand
Posts: 213
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by jaikiran pai:
However, its not a hard and fast rule that you maintain the information in the database. If you are just trying out a sample application on authentication then you can have property files containing the username and password information. If its for a production application then you could go for database authentication


Well , Also there is an more easy way for this. Simply define the users in the tomcat-users.xml file. But as said by jaikiran if it is for the production server then the best would be Database.

Cheers.
Yogendra Joshi.
 
Romi Dave
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
if the authenticated user is using the application meanwhile no other persone , even if he is knowing the correct username and password , can use the same application untill the user has logged out , for sequrity purpose



Have a look at javax.servlet.http.HttpSessionListener


Can you please explain how to use HttpSessionListener. This interface has just two methods sessionCreated( ) and sessionDestroyed() to tract the sessions so how can we use it to track multiple session for a same username and password.

Thanks,
[ August 02, 2006: Message edited by: Romi Dave ]
 
ankur rathi
Ranch Hand
Posts: 3830
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Yogendra Joshi:


Well , Also there is an more easy way for this. Simply define the users in the tomcat-users.xml file. But as said by jaikiran if it is for the production server then the best would be Database.

Cheers.
Yogendra Joshi.


I am not sure but just guessing, those users will not be application specific, right??? or may be we can set application also for users...
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic