
What is the best way to add login to your web application

 
Ranch Hand
I have a web app built with Spring Framework + Hibernate, and I want to add a user login to access the app. What's the best practice to handle the login / store the password?

I read a lot during my research that Spring provides a security jar to handle it. Also, I worked before on encrypting passwords using the AES algorithm, and will probably go with it to encrypt the password.


Can someone please share their ideas? Thanks!
 
Marshal
Using Spring Security for your login functionality is probably your best solution. It comes with a bunch of built-in password encryption options and is flexible enough to let you use your own if you so desire.
 
Saloon Keeper
There is a login process that's defined as part of the core J2EE security specification. Every J2EE/JEE server of any consequence, including the lightweight ones like Tomcat and Jetty, supports it. It intercepts all URL requests and automatically handles login as needed as well as providing role-based access control (RBAC) to URLs. A very secure mechanism that has been in place for many years and which can be augmented by secondary (in-app) security frameworks. By blocking many of the worst of the attacks before they can reach application components, the application is defended without the need to design, write, or debug basic security code.

Because it's part of the basic server implementation specs, it's well-documented and well-supported, unlike the "one-off" Do-It-Yourself security systems that almost always have massive holes in them and frequently don't get applied correctly when the app is later updated by people who didn't know anything about the original application specs. It also has functions built right into the J2EE APIs, which is more than can be said for the do-it-yourself stuff.

For about 95% of all interactive web applications, this should be your login system and primary line of defense, regardless of what secondary security you might apply on top of it.
 
Samar Land
Ranch Hand
Could you please provide me an example/tutorial that you know?
 
Tim Holloway
Saloon Keeper
As I said, it's a well-documented standard. Most J2EE books will have an example along with how to configure secure transport (SSL). They'll generally then ruin it by following up with a Do-It-Yourself login code example.
 
Ranch Hand

Samar Land wrote: Could you please provide me an example/tutorial that you know?



Try these

XML Configuration

Annotation Configuration
 
Samar Land
Ranch Hand
One of the best tutorials I've ever had to understand how Spring Security is working. I'd like to share it with you guys.

http://www.studytrails.com/frameworks/spring/spring-security-method-level.jsp