• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Servlet-4b Question - password authentication architecture

 
Ranch Hand
Posts: 63
Firefox Browser Postgres Database Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
While attempting to solve the Servlets-4b assignment, I've noticing that my solution continues to become more and more convoluted and it still does not produce some of the desired results.

After reading the intent of the assignment, it seemed to me that the containers built-in authentication api or servlet filters could be well suited to solving this problem. However, the assignment deliverables did not show that these features are used as a solution. So I attempted to mimic filters by decorating/wrapping my application ActionHandler classes with a subclass containing authentication logic. My thought being, I+ didn't want to duplicate all of this code in each action handler, so instead I'd wrap the authentication logic around the application logic.

So everything work good upon until a certain point. The Authentication sub-class .doAction() is called, the object detects that there so no authentication cookie set, so it forwards the ServletData object to the videologin.jsp rather than the actionhandler designated in by the "action" in ServletData request object.

The password is then entered by the user using the webpage rendered by the videologin.jsp, the container sends to new request and response objects back to ActionServlet, which then finds the "login" action handler. The login action handler creates the cookie and adds it to the ServletData and then *forwards* the request/response objects to .... ???; Well the login action handler doesn't know who called it so it doesn't have another JSP to redirect its response to, and it doesn't know which action handler was responsible for its invocation. So at this point, I'm stuck.

However not wanting to hold up the rest of the assignment design for this little problem, I continued testing the login actionhandler by hard coding the "com.javaranch.drive.video.VideoServlet" in the forward and I set a desired "action" for testing in the ServletData object. But at this point I get errors emitted from the container once the forward() is processed.

So, does anyone have a little advice to offer on a good design practices to use for password authentication using cookies? I probably wouldn't need to ask this question if I had more experience with Servlets.
 
village idiot
Posts: 1208
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Servlets and JSPs were a real challenge for me. Reading up on the basics is a good idea! Have a look at the source code for ActionServlet in jr.jar. Then think about the assignment and what you need to do. What are the actions that can be performed from the login page? What needs to happen for each of those actions? Try starting there with the authentication stuff! And good luck!
 
Ruth Stout was famous for gardening naked. Just like this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic