Ranch Hand
Posts: 66
Hi

I'm trying to run my login JSP. I have a method that performs the login in the back-bean, which calls a method from the DAO class. This method in the DAO class does not work well for me.
Can anyone help me to achieve it?

This is the method in the DAO class:






Thank you in advance,
 
Bartender
Posts: 19814
The technical term for webapps that use a "login.jsp" with code is "hacked".

You shouldn't try to write your own login. "Experts" have done that, and their work has been hacked in under 15 minutes. Security is not for people who aren't specifically trained in security and should never be designed by people who are supposed to be doing other, more "important" things as well.

The J2EE/JEE standard has a built-in security framework that was designed and tested by full-time security professionals. You should use that. You don't even have to write login code, since the login code is already part of your webapp server. It uses the login/loginfail pages named in your web.xml file as form templates (if you're using form-based logins).

If you use the standard container security system, you can also use its features, such as role-based URL authorization and the J2EE security functions.

An app that uses standard container security can always tell who the logged-in user is by checking the HttpServletRequest's getRemoteUser() method. This will return the user's login ID, or null if the user is not logged in.