JSP authentication
Hi All,
At the moment I am calling a stored procedure and passing it the username and password from the login form. Then, if the login credentials are valid, I set a session variable called "username" to the value of the username from the login form.
This works just fine. The only thing is that my HTML code is cluttered with Java code. I want to be able to create a custom tag to do authentication; then all I would have to do is include that tag in every page that needs authentication. Question is: how do I access the session object from my tagHandler class?
Form based (container) authentication is not an option because my password is a hash of the username + password that the user supplies. (As far as I understand, container authentication can only work if you have plain text passwords.)
Your help would be highly appreciated.
Cheers,
Midrago
[856 byte] By [Midragoa] at [2007-11-27 9:28:54]

# 1
> the only thing is that my HTML code is cluttered with Java code

Then just move the Java code to Servlets, or even better in this case, Filters?
# 2
Hi mate,
Sorry for cross posting.
Filters seem to provide the necessary workaround, but as many documents point out, they degrade performance.
Form based authentication sounds attractive, but as I said it can only deal with plain text passwords, which is unacceptable for enterprise grade applications. Would you know if there are any links that discuss that topic in more detail?
Cheers,
Midrago
# 3
You haven't mentioned what server you are using.
If it is Tomcat, then the standard forms-based authentication DOES support your requirement. You can store your password using any of the common encryption methods supported by the Java MessageDigest class.
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#Digested%20Passwords
I would presume that other server implementations also provide support for this sort of thing. After all as you said, it is a fairly fundamental requirement.
Cheers,
evnafets
# 4
Hi Mate,
I have just read the article and saw that they are using an XML file to store the user names and passwords. Is it also possible to read the passwords from a database table?
Thanks for the help, I appreciate it a lot.
Cheers,
# 6
Hi Guys,
I got my application to use form authentication.
A good example can be found at: http://java.sun.com/javaee/5/docs/tutorial/doc/Security-WebTier6.html#wp594013
The only things I had to change are:
- add digest="md5" into the <realm> tag of the server.xml file.
Then I just added some MD5s of passwords into the users table and it works beautifully.
Thanks again for all the support.
Regards,
Midrago
# 8
Is using a realm only for authentication and authorization, or does it also help to send the password in encrypted form over the net?
I got authentication and authorization working using JNDI rather than JNDIRealm,
but now I am concerned about the data that is being sent over to the server.
I googled it and the only solution I found was using certificates provided by different CAs (Certificate Authorities).
So can anyone help me clear up my doubt?
Thanks.