• Post Reply Bookmark Topic Watch Topic
  • New Topic

Question on Authentication and authorization  RSS feed

 
Justin Howard
Ranch Hand
Posts: 162
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

What is the best and safe way to authenticate and authorize in a public facing website?

Thanks
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's kind of an open-ended question, but the Servlet API has a basic system with usernames, passwords and roles built in. In which kind of repository do you have the user data?
 
Justin Howard
Ranch Hand
Posts: 162
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That would be my next question. I was planning on keeping it in the database , again I am not sure if it is the best practice.
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A DB is the most common choice, but others are possible, e.g. LDAP directories. How exactly the servlet container is set up to access the repository depends on the server; Tomcat has the concept of realms. JDBCRealm and DataSourceRealm are available for DBs.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!