User authentication from database

 
Mark Wa
Ranch Hand
Posts: 122
Hi. I am a newbie to JEE.

I want to authenticate users from a list of users in a database, using a custom-built form to log in. I know there are things that can be configured in the web.xml, but any tutorials I found don't explain about using a database for the list of users. I also want to restrict the servlets and JSPs I have already created to only authenticated users.

Also there are 2 kinds of users that will have access to different pages.

Any help would be appreciated. Thanks in advance.
 
Nishan Patel
Ranch Hand
Posts: 689
Eclipse IDE Java Scala

Hi Mark,

The authentication using web.xml that you are talking about is FORM-based authentication. But it is better to use a login page and ask the user to enter a user name and password.

Now, after getting the user name and password, make a select query which contains the name and password. Select that user and just set the session.

Using this process you can authenticate the user in your application.

 
Mark Wa
Ranch Hand
Posts: 122
I currently have a login page that validates the credentials against the database. It then forwards the user on to a page according to their access level, or back to the login page with a message if the credentials don't match.

My problem now is how to make all the other pages besides the login page accessible only to the appropriate user(s).

I could put a huge if statement around the entire page to check what the user's access level is which is contained within the session and to display the page according to that, but that just seems like an awful solution.
 
Bosun Bello
Ranch Hand
Posts: 1511
Assuming you are forwarding to the other pages via a controller or such, you can just check their access level before dispatching to any of the pages, and if they do not have the appropriate access level, forward them to a page with an appropriate message.
 
Mark Wa
Ranch Hand
Posts: 122
Yes. That's what I'm doing at the moment. The problem I have is this is not secure enough, as a user could just type the URL of a particular page. The system needs to be fairly secure as it could contain confidential information and will be available on the internet.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65227
IntelliJ IDE Java jQuery Mac Mac OS X
One word: Filters.
 
Jonathon Stride
Ranch Hand
Posts: 34
If you are using Tomcat, then whatever is present in the WEB-INF and META-INF folders can't be directly accessed by the user, even if they type the URL. That's a simple way to do what you ask.
 
Satya Maheshwari
Ranch Hand
Posts: 368
Bear Bibeault wrote: One word: Filters.


Filters is the right solution for your requirement.
http://java.sun.com/products/servlet/Filters.html
 
Mark Wa
Ranch Hand
Posts: 122
Thanks all. I will look into filters.

Jonathon, what I meant by that was accessing JSP pages without authenticating, not the WEB-INF stuff.

I consider this question solved.
 