I would like to get some views on how to implement a custom login/authentication for a web application.
I like to keep the project as simple as possible, yet with flexibility, using my own custom user object with different roles and attributes.
I am using Java/JSP with Tomcat.
I have previously used form-based authentication with Tomcat.
In server.xml I configured the application with a Realm inside the application context:
org.apache.catalina.realm.JDBCRealm
using my own userRoleTable for the custom user in my database.
To actually get my user object in the servlet I do the following:
String username = request.getUserPrincipal().getName();
I then get the user from my user table based on the username as query parameter.
List<MyUser> myUsers = DAOFactory.DEFAULT.buildMyUserDAO().findByname(username);
...
Is there any other cleaner/better way to do this with Tomcat?
Do you have other suggestions for how to handle custom user login/authentication?
Spring or something else?
Thanks
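
An added example, not part of the original post: one way to keep the container-managed login described above and still avoid repeating the lookup in every servlet is a filter that resolves the custom user once per session from the authenticated Principal. MyUser, DAOFactory and findByname are the poster's own classes; the filter name, the session attribute names and the javax.servlet namespace are assumptions.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter; map it to the same URL patterns as the security-constraint.
public class CurrentUserFilter implements Filter {
    static final String USER_ATTR = "currentUser";      // assumed attribute name
    static final String NAME_ATTR = "currentUserName";  // assumed attribute name

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) rq;
        HttpServletResponse response = (HttpServletResponse) rs;

        // Identity comes only from the container, never from a request parameter.
        Principal principal = request.getUserPrincipal();
        if (principal == null) {   // URL not protected, so nobody is logged in
            chain.doFilter(rq, rs);
            return;
        }
        String username = principal.getName();
        HttpSession session = request.getSession();

        // Load when nothing is cached, or when the cached entry belongs to
        // a different principal than the one the container authenticated.
        if (!username.equals(session.getAttribute(NAME_ATTR))) {
            List<MyUser> users =
                DAOFactory.DEFAULT.buildMyUserDAO().findByname(username);
            if (users.size() != 1) {   // missing or ambiguous row: fail closed
                session.invalidate();
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            session.setAttribute(USER_ATTR, users.get(0));
            session.setAttribute(NAME_ATTR, username);
        }
        chain.doFilter(rq, rs);
    }
}
```

Servlets then read the object with session.getAttribute("currentUser"). Attributes cached this way stay as loaded until the session ends, so a role or attribute change in the database only takes effect at the next login.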