There are so many ways to accomplish this, depending upon what kind of
browser/client software your users are using, and how mickey-mouse
a solution you are prepared to use:

1. As long as you know that your users have a browser that supports
cookies (and this is now a security risk on the client side) you could
use Sessions to authenticate, i.e. accept input from the user on a page,
put it into a newly created HttpSession object, and then at each stage
you can authenticate user/password info against a server-stored
database.
Very secure - just remember to either kill the cookie at the end, or
give it an expiration date which you can validate.

2. You can do the same thing (much less professionally) by passing the
username/password around in the parameters for HTTP POST operations.
Mostly secure, but a hassle.

3. If you're not going for terribly good security, you could just use a secure
gateway - take username/password in a form, evaluate against a user
database and then, when validated successfully, send them to the protected
pages and don't worry about checking again.
Pretty insecure.

Hope that helps a bit,
Trevor.
----- Original Message -----
From: "Vladimir Vanyukov" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Monday, April 22, 2002 3:17 PM
Subject: Security
> I have seen this question here many times and have seen many answers but
> most of them never really ANSWERED the question. So I figured I'd ask
> one more time. Is there any way to programmatically authenticate users?
>
> Example:
> If I have a simple username/password form somewhere on an unprotected
> page, how do I use that information (assuming the user filled it out and
> submitted it) to allow him to view protected pages?
>
>
> --
> To unsubscribe: <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
>
>
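
Option 1 from the reply, written as a servlet filter that checks the session on every request to a protected page. This is an added example, not code from the thread: the /login, /logout and /protected/* paths (to which the filter is assumed to be mapped), the unfiltered login.html form, the authUser attribute and the in-memory USERS map are all assumptions.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example; assumed filter mappings: /login, /logout, /protected/*
public class SessionAuthFilter implements Filter {
    // Constructed stand-in for the server-side user database (hypothetical).
    // A real store holds salted password hashes, never plaintext.
    private static final Map<String, String> USERS = Map.of("alice", "correct horse");

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String path = req.getRequestURI().substring(req.getContextPath().length());

        if ("/login".equals(path) && "POST".equals(req.getMethod())) {
            String user = req.getParameter("username");
            String pass = req.getParameter("password");
            if (user != null && pass != null && pass.equals(USERS.get(user))) {
                HttpSession old = req.getSession(false);
                if (old != null) old.invalidate();       // drop any pre-login session id
                HttpSession fresh = req.getSession(true);
                fresh.setAttribute("authUser", user);    // store the name, not the password
                fresh.setMaxInactiveInterval(15 * 60);   // idle expiry enforced by the server
                res.sendRedirect(req.getContextPath() + "/protected/index.jsp");
            } else {
                res.sendRedirect(req.getContextPath() + "/login.html?failed=1");
            }
            return;
        }
        if ("/logout".equals(path)) {
            HttpSession current = req.getSession(false);
            if (current != null) current.invalidate();   // "kill the cookie at the end"
            res.sendRedirect(req.getContextPath() + "/login.html");
            return;
        }
        HttpSession session = req.getSession(false);     // never create one implicitly here
        if (session == null || session.getAttribute("authUser") == null) {
            res.sendRedirect(req.getContextPath() + "/login.html");
            return;
        }
        chain.doFilter(rq, rs);                          // authenticated: serve the page
    }
}
```

Because the check runs per request, an expired or invalidated session sends the user back to the login form, which is the step option 3 leaves out.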