Want to create a single user admin login page

 
Ramakanta Sahoo
Ranch Hand
Posts: 256
Hi All,

I'm basically new to JSP so I don't know much about it.
I have a few JSP files which are highly admin-related and very insecure, as anyone who knows the URL can access them and do whatever he wants to do.

I created the JSP file to browse through directories, delete files, upload files, and edit through the browser.
The problem is that this is not secured, as anyone knowing the URL can access it and can edit or delete all files on the remote computer where I have deployed the JSP file. So I wanted to have a single-user login page through which only one user can go and land at my file browser program.
I have seen that Tomcat has an administration page through which you need to log in, and only then will you be able to access the application. I don't want to store the username and password in any database as I require only one user. I have a sample login page; please help me with what I should do so that I will have a login page and an admin user and password to access my file browser programs.

 
Jeanne Boyarsky
author & internet detective
Sheriff
Posts: 37261
Ramakanta,
What you do is have the admin pages check a certain value is in the HttpSession. You also have a login page which sets this session value on successful admin login.
 
Bauke Scholtz
Ranch Hand
Posts: 2458
A small suggestion: it's much more efficient to let the DB do the comparison task using a WHERE clause instead of hauling the complete table contents into Java's memory and comparing it using Java. Then you just need to check if ResultSet#next() returns true or not.
 
Ramakanta Sahoo
Ranch Hand
Posts: 256
Thanks Jeanne, Bauke for your valuable suggestions.

My point is that I need to authenticate only 1 user with UID: Admin Password: something
Why would I use a DB to compare values? For only a single user and password authentication, don't you think it will be expensive to connect to a DB for checking? It would be convenient if I had multiple users (>1) for authentication; then a DB would be the right choice. I don't know about the security aspects.

If anyone doesn't mind, can someone post the code for the WHERE clause, because I am not getting it right.

Thanks again for your help.
 
Balu Sadhasivam
Ranch Hand
Posts: 874
Ramakanta Sahoo wrote: Thanks Jeanne, Bauke for your valuable suggestions.

My point is that I need to authenticate only 1 user with UID: Admin Password: something
Why would I use a DB to compare values? For only a single user and password authentication, don't you think it will be expensive to connect to a DB for checking? It would be convenient if I had multiple users (>1) for authentication; then a DB would be the right choice. I don't know about the security aspects.

If anyone doesn't mind, can someone post the code for the WHERE clause, because I am not getting it right.

Thanks again for your help.


Well, if you need just one user name and password to be stored, you can consider using a container-provided or common security library to store the user name and encrypted password in a flat file and retrieve it each time.
For example: WebLogic provides a utility to encrypt a String, store it in a property file and retrieve it to read it.
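
Added example, not part of any post in this thread: a servlet filter and login servlet that combine the HttpSession check suggested earlier in the thread with the flat-file credential suggested in the post above. It assumes the javax.servlet API (jakarta.servlet on newer containers); the names AdminAuthFilter, AdminLoginServlet, adminAuthenticated, /login.jsp, /admin/ and WEB-INF/admin.properties are hypothetical, and the file holds a salted PBKDF2 hash rather than a reversibly encrypted password.

```java
import java.io.*;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.servlet.*;
import javax.servlet.http.*;

// Map this filter to the admin JSPs in web.xml, e.g. /admin/* (hypothetical path).
public class AdminAuthFilter implements Filter {
    static final String FLAG = "adminAuthenticated"; // hypothetical session attribute name
    public void init(FilterConfig c) {}
    public void destroy() {}
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpSession s = req.getSession(false); // do not create sessions for anonymous hits
        if (s == null || !Boolean.TRUE.equals(s.getAttribute(FLAG))) {
            ((HttpServletResponse) rs).sendRedirect(req.getContextPath() + "/login.jsp");
            return; // the protected page is never invoked
        }
        chain.doFilter(rq, rs);
    }
}

// Login form target. Assumed file WEB-INF/admin.properties (not served to clients) holds
// user, iterations, and Base64 salt and hash (PBKDF2-HMAC-SHA256); it is read on each login.
class AdminLoginServlet extends HttpServlet {
    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws IOException, ServletException {
        String user = req.getParameter("username"), pw = req.getParameter("password");
        Properties p = new Properties();
        try (InputStream in = getServletContext().getResourceAsStream("/WEB-INF/admin.properties")) {
            p.load(in); // a missing file throws here, so the login fails closed
            if (user == null || pw == null || !verify(p, user, pw)) {
                res.sendRedirect(req.getContextPath() + "/login.jsp?error=1");
                return;
            }
        } catch (Exception e) { throw new ServletException(e); }
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate(); // new session id after login (session fixation)
        req.getSession(true).setAttribute(AdminAuthFilter.FLAG, Boolean.TRUE);
        res.sendRedirect(req.getContextPath() + "/admin/"); // hypothetical landing page
    }
    static boolean verify(Properties p, String user, String pw) throws Exception {
        byte[] salt = Base64.getDecoder().decode(p.getProperty("salt"));
        byte[] want = Base64.getDecoder().decode(p.getProperty("hash"));
        PBEKeySpec spec = new PBEKeySpec(pw.toCharArray(), salt,
                Integer.parseInt(p.getProperty("iterations")), want.length * 8);
        byte[] got = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        boolean userOk = MessageDigest.isEqual(user.getBytes("UTF-8"), p.getProperty("user").getBytes("UTF-8"));
        return MessageDigest.isEqual(got, want) & userOk; // constant-time, both always evaluated
    }
}
```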
 
Srikanth Nutigattu
Ranch Hand
Posts: 114
If you are comfortable,
you can specify user details for whom you want to provide access in Tomcat's XML configuration file.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66208
Srikanth Nutigattu wrote: If you are comfortable,
you can specify user details for whom you want to provide access in Tomcat's XML configuration file.


Not an approach I'd take. Not only does that severely limit what you can do, it makes your app container-dependent. Not the best approach.
 
Bauke Scholtz
Ranch Hand
Posts: 2458
Ramakanta Sahoo wrote:

If anyone doesn't mind, can someone post the code for the WHERE clause, because I am not getting it right.

There's a SQL tutorial at w3schools.com.

Regarding authentication, doing so in Tomcat's configuration is indeed a bad idea. Rather, do it in the webapp configuration, either using some homegrown stuff or using container-managed authentication.
 
Srikanth Nutigattu
Ranch Hand
Posts: 114
Bear Bibeault wrote:
Not an approach I'd take. Not only does that severely limit what you can do, it makes your app container-dependent.


Agreed! It may not be the best approach, but as he said:
Ramakanta Sahoo wrote:
I don't want to store the username and password in any database as I require only one user.


Bear Bibeault wrote:
it makes your app container-dependent.


As he said,
Ramakanta Sahoo wrote:
I have seen that Tomcat has an administration page through which you need to log in, and only then will you be able to access the application.


Based on the statement above I assumed he wanted a "quick-fix" solution for Tomcat.

I agree it's not the best option for portability. But it is the quick option. I would rather recommend using other techniques if you are looking at the portability aspect too.
 
Jeanne Boyarsky
author & internet detective
Sheriff
Posts: 37261
Ramakanta Sahoo wrote: don't you think it will be expensive to connect to a DB for checking?

If you only have one user, it is very difficult to do anything expensive since there isn't contention for resources. It also positions you for if/when the number of users grows. I agree that a flat file might be a better option though.
 