• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

java custom login, strategy

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I would like to get some views on how to implement a custom login/authentication for a web application.
I like to keep the project as simple as possible, yet with flexibility, using my own custom user object with different roles and attributes.
I am using java/jsp with tomcat.

I have previously used form based authentication with tomcat.
In server.xml I configured the application with Realm inside the application context.
org.apache.catalina.realm.JDBCRealm
using my own userRoleTable for the custom user in my database

To actually get my user object in the servlet I do the following:
String username = request.getUserPrincipal().getName();
I then get the user from my user table based on the username as query parameter.
List<MyUser> myUsers = DAOFactory.DEFAULT.buildMyUserDAO().findByname(username);
...

Is there any other cleaner/better way to do this with tomcat?

Do you have other suggestions for how to handle custom user login/authentication?
Spring or something else?

Thanks
 
Ranch Hand
Posts: 116
Eclipse IDE Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Especially in Tomcat it is not too difficult to implement your own Realm and Principal. You can stuff pretty much anything you need in the Principal derivation and access it using getUserPrincipal(). If you know that the Principal instance returned is of your type, just cast it and you can get to whatever you put into it.

In other words:
1.) Write your own Principal class that holds whatever data you want to have available (and that you have available to populate it with). If memory serves correct, this may have to derive from the existing Tomcat Principal class.
2.) Write your own Realm class (hint: copy the existing RDBMSRealm and make changes)
3.) Declare your Realm in server.xml
4.) In your application, call getUserPrincipal() and cast the result to your Principal derived class

Hints:
Look at the Tomcat realm source code for the realms, unless you are doing DIGEST or CERTIFICATE authentication, you can forgo implementing a number of the authentication methods.
It's better to declare an interface that your Principal implements and cast to that. Keep the Tomcat specific stuff in a different JAR (project) so that your app does not become tied to Tomcat.
 
Your mind is under my control .... your will is now mine .... read this tiny ad
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic