Forums Register Login

sequre login in web based application

+Pie Number of slices to send: Send
will any body help me to tell how to store all the login details in a web-application form based using servlets/struts and how to show these details to user if he/she wants ,
and also the technique for :
if the authenticated user is using the application meanwhile no other persone , even if he is knowing the correct username and password , can use the same application untill the user has logged out , for sequrity purpose
+Pie Number of slices to send: Send
Typically one would store the username and password in the database and when an user logs into the system, the credentials are checked against the database.

if the authenticated user is using the application meanwhile no other persone , even if he is knowing the correct username and password , can use the same application untill the user has logged out , for sequrity purpose


Have a look at javax.servlet.http.HttpSessionListener
+Pie Number of slices to send: Send
thanks Lynette
can you specify what do you mean by
when an user logs into the system, the credentials are checked against the database.
+Pie Number of slices to send: Send
 

can you specify what do you mean by
when an user logs into the system, the credentials are checked against the database



The information(username, password and the roles to which the user belongs) about all *valid* users in the application will be stored in tables in a database. Whenever a users tries logging into your application, you will check the username and password against the information present in the tables to authenticate the user.
+Pie Number of slices to send: Send
However, its not a hard and fast rule that you maintain the information in the database. If you are just trying out a sample application on authentication then you can have property files containing the username and password information. If its for a production application then you could go for database authentication
+Pie Number of slices to send: Send
 

Originally posted by jaikiran pai:
However, its not a hard and fast rule that you maintain the information in the database. If you are just trying out a sample application on authentication then you can have property files containing the username and password information. If its for a production application then you could go for database authentication



Well , Also there is an more easy way for this. Simply define the users in the tomcat-users.xml file. But as said by jaikiran if it is for the production server then the best would be Database.

Cheers.
Yogendra Joshi.
+Pie Number of slices to send: Send
 

if the authenticated user is using the application meanwhile no other persone , even if he is knowing the correct username and password , can use the same application untill the user has logged out , for sequrity purpose




Have a look at javax.servlet.http.HttpSessionListener



Can you please explain how to use HttpSessionListener. This interface has just two methods sessionCreated( ) and sessionDestroyed() to tract the sessions so how can we use it to track multiple session for a same username and password.

Thanks,
[ August 02, 2006: Message edited by: Romi Dave ]
+Pie Number of slices to send: Send
 

Originally posted by Yogendra Joshi:


Well , Also there is an more easy way for this. Simply define the users in the tomcat-users.xml file. But as said by jaikiran if it is for the production server then the best would be Database.

Cheers.
Yogendra Joshi.



I am not sure but just guessing, those users will not be application specific, right??? or may be we can set application also for users...
Are we home yet? Wait, did we forget the tiny ad?
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com


reply
reply
This thread has been viewed 774 times.
Similar Threads
Glasfish: JDBC Realm and Session Tracking.
EJB, JDBC Realm, Session tracking
j_security_check???????
WSDL question
STRUTS : Passing control across applications ...
More...

All times above are in ranch (not your local) time.
The current ranch time is
Mar 28, 2024 13:55:20.