will any body help me to tell how to store all the login details in a web-application form based using servlets/struts and how to show these details to user if he/she wants , and also the technique for : if the authenticated user is using the application meanwhile no other persone , even if he is knowing the correct username and password , can use the same application untill the user has logged out , for sequrity purpose
Typically one would store the username and password in the database and when an user logs into the system, the credentials are checked against the database.
if the authenticated user is using the application meanwhile no other persone , even if he is knowing the correct username and password , can use the same application untill the user has logged out , for sequrity purpose
Have a look at javax.servlet.http.HttpSessionListener
can you specify what do you mean by when an user logs into the system, the credentials are checked against the database
The information(username, password and the roles to which the user belongs) about all *valid* users in the application will be stored in tables in a database. Whenever a users tries logging into your application, you will check the username and password against the information present in the tables to authenticate the user.
However, its not a hard and fast rule that you maintain the information in the database. If you are just trying out a sample application on authentication then you can have property files containing the username and password information. If its for a production application then you could go for database authentication
Originally posted by jaikiran pai: However, its not a hard and fast rule that you maintain the information in the database. If you are just trying out a sample application on authentication then you can have property files containing the username and password information. If its for a production application then you could go for database authentication
Well , Also there is an more easy way for this. Simply define the users in the tomcat-users.xml file. But as said by jaikiran if it is for the production server then the best would be Database.
if the authenticated user is using the application meanwhile no other persone , even if he is knowing the correct username and password , can use the same application untill the user has logged out , for sequrity purpose
Have a look at javax.servlet.http.HttpSessionListener
Can you please explain how to use HttpSessionListener. This interface has just two methods sessionCreated( ) and sessionDestroyed() to tract the sessions so how can we use it to track multiple session for a same username and password.
Thanks, [ August 02, 2006: Message edited by: Romi Dave ]
Well , Also there is an more easy way for this. Simply define the users in the tomcat-users.xml file. But as said by jaikiran if it is for the production server then the best would be Database.
Cheers. Yogendra Joshi.
I am not sure but just guessing, those users will not be application specific, right??? or may be we can set application also for users...
Post by:autobot
Are we home yet? Wait, did we forget the tiny ad?
a bit of art, as a gift, that will fit in a stocking