
Validating users without writing my own login system?

 
Mark McKay
Greenhorn
Posts: 26
I'd like to create a website that will allow users to log in, create content and save their state so that they can retrieve it if they log in again. I've taken a stab at creating my own login system, but I'm worried about security and keeping personal user info on my server where it could be hacked. Are there any good options for authenticating users aside from rolling your own code?
 
Tim Holloway
Saloon Keeper
Posts: 18300
  • Likes 1
There are VERY good options. The J2EE standard specifies a Container-Managed security system that handles both user authentication (login) and authorization of selected services via Role-Based Access Control (RBAC). It's handled by configuring web.xml and by server-specific Realm configuration. Plus, there are methods in the J2EE API that leverage this subsystem.

You don't have to write any login code of your own at all - the container manages the process automatically. And, unlike about 95% of all the user-designed login systems I've encountered over the years, it has been subjected to professional testing and is a well-documented standard. It's also fully implemented in all J2EE and JEE standards-compliant appservers, even the minimalist ones such as Tomcat.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65216
Though in most cases you're still going to need to store the user credentials somewhere. Be sure not to store passwords in plain text, or using any two-way encryption. Store passwords as a secure hash that cannot be reversed.
 
salvin francis
Bartender
Posts: 1308
I suggest you also look at Spring Security.
 