Validating users without writing my own login system?

 
Ranch Hand
I'd like to create a website that will allow users to log in, create content and save their state so that they can retrieve it if they log in again. I've taken a stab at creating my own login system, but I'm worried about security and keeping personal user info on my server where it could be hacked. Are there any good options for authenticating users aside from rolling your own code?
 
Saloon Keeper
There are VERY good options. The J2EE standard specifies a Container-Managed security system that handles both user authentication (login) and authorization of selected services via Role-Based Access Control (RBAC). It's handled by configuring web.xml and by server-specific Realm configuration. Plus, there are methods in the J2EE API that leverage this subsystem.

You don't have to write any login code of your own at all - the container manages the process automatically. And, unlike about 95% of all the user-designed login systems I've encountered over the years, it has been subjected to professional testing and is a well-documented standard. It's also fully implemented in all J2EE and JEE standards-compliant appservers, even the minimalist ones such as Tomcat.
 
Sheriff
Though in most cases you're still going to need to store the user credentials somewhere. Be sure not to store passwords in plain text, or using any two-way encryption. Store passwords as a secure hash that cannot be reversed.
 
Bartender
I suggest you also look at Spring Security