There are some pretty good resources for getting started on Servlet/JSP
stuff; try the O'Reilly books, especially the latest version of their
JSP book.
I suggest that you need to think of what you are wanting to do in 2 phases:
1. Login
2. Authenticate (using values supplied by login).
There are a couple of alternatives if you want to save your user's from
having to type in passwords over and over; since I'm kind of bored,
here's a brief list:
1. If you're users are on Windows desktops, then NTLM Auth can get
the User information from the browser (either IE or Firefox) without the
user having to login (see http://jcifs.samba.org/src/docs/ntlmhttpauth.html)
2. If you have then deployed, then you could use client-certificates
to authenticate users.
3. You could use a 'remember-me' library (typically uses cookies so
that user only has to login once).
Gagnon, Joseph M (US SSA) wrote:
Did I not say that I'm new to this?
I made no mention to whether or not I was trying to make it secure.
This is only meant to be used within my company's intranet and my
intention was to take the user account and then compare it with a set of
registered users in the application's DB.
I am beginning to see that at the very least I need to create some kind
of mechanism (although I don't understand yet how to go about that, or
how many different ways it can be done) to perform user authentication.
If anyone can provide information on how to do this (keep in mind I'm
new at this), please let me know.
-----Original Message-----
From: Robert Harper [mailto:[EMAIL PROTECTED]
Sent: Friday, June 10, 2005 10:59 AM
To: 'Tomcat Users List'
Subject: RE: Problem with security?
--
Robert r. Sanders
Chief Technologist
iPOV
(334) 821-5412
www.ipov.net
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
