• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Junilu Lacar
  • paul wheaton
Saloon Keepers:
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
  • Scott Selikoff
Bartenders:
  • Piet Souris
  • Jj Roberts
  • fred rosenberger

confusion regarding authentication

 
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In HFSJ(2nd ed.) in page 688 it says 'when you are using declarative authentication , the client never makes any direct request for the login' - and there is explain that way you can ensure that login information can always be made sure to be transported through SSL.

But what about the web applications where user generally have to login even before actually start using the application.
How to ensure that the first request containing login information will be protected as the user will put the information in the very first screen which might be ...xxxx/login.jsp
 
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

How to ensure that the first request containing login information will be protected as the user will put the information in the very first screen which might be ...xxxx/login.jsp



That's what they mean by 'when you are using declarative authentication , the client never makes any direct request for the login'. If the client access a protected resource, he will be asked to login. So if you protect all resources, the client will have to login at least once before accessing any page.
 
B Misra
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Christophe Verré wrote:

How to ensure that the first request containing login information will be protected as the user will put the information in the very first screen which might be ...xxxx/login.jsp



That's what they mean by 'when you are using declarative authentication , the client never makes any direct request for the login'. If the client access a protected resource, he will be asked to login. So if you protect all resources, the client will have to login at least once before accessing any page.



Thanks for reply, but I wish to know what happens in the web applications (jsp-servlet tech) we come across everyday where we have to log-in first , more precisely the first page itself is a login jsp . Instead of declarative authentication what is used there?
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Instead of declarative authentication what is used there?


It is declarative authentication. If you access a protected resource, and you use a FORM authentication, the container will redirect you to the login page automatically. For example:

This will force any access to the web application to be redirected to the login page if the user is not yet authenticated.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic