
Validating users without writing my own login system?

 
Mark McKay
Greenhorn
Posts: 26
I'd like to create a website that will allow users to log in, create content and save their state so that they can retrieve it if they log in again. I've taken a stab at creating my own login system, but I'm worried about security and keeping personal user info on my server where it could be hacked. Are there any good options for authenticating users aside from rolling your own code?
 
Tim Holloway
Saloon Keeper
Posts: 18365
There are VERY good options. The J2EE standard specifies a Container-Managed security system that handles both user authentication (login) and authorization of selected services via Role-Based Access Control (RBAC). It's handled by configuring web.xml and by server-specific Realm configuration. Plus, there are methods in the J2EE API that leverage this subsystem.

You don't have to write any login code of your own at all - the container manages the process automatically. And, unlike about 95% of all the user-designed login systems I've encountered over the years, it has been subjected to professional testing and is a well-documented standard. It's also fully implemented in all J2EE and JEE standards-compliant appservers, even the minimalist ones such as Tomcat.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65335
Though in most cases you're still going to need to store the user credentials somewhere. Be sure not to store passwords in plain text, or using any two-way encryption. Store passwords as a secure hash that cannot be reversed.
 
salvin francis
Bartender
Posts: 1339
I suggest you also look at Spring Security.
 