User authentication methods (or ways to login a user)

2003-08-26 Thread Cezar Nasui 
Hi,

I'm new to Struts and to getr used to it I developped an application which
has to log in a user by checking records in a database.
After reading more posts about user authentication I've got puzzled and now
I try to clarify this thing.

I identified the following ways to do the authentication:
1. session variable on user login, check the variable on each action
2. filter authentication
3. security contraints = container authentication (?)
4. using a tag in each jsp for the validation

Are there any other methods?

As for what method should one use I think depends on many factors like the
complexity of the application, habits, etc but the first method is not for
use in applications with many Actions as you'll need to add session
validation code in each action = more difficult to develop and maintain.
Any other things one should know before considering one of this methods?

Thanks,
Cezar


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: User authentication methods (or ways to login a user)

2003-08-26 Thread Bill Chmura 


I just went through a whole slew of options, and in the end settled on
letting tomcat do form based authentication.  It works.  Good
instructions on it in the tomcat docs.

Playing with the app directory structure to get a good fit took a little
tweaking, I ended up moving everything around a bunch.  the app uses
tiles, so I had to sport a secured section and unsecured section...

So I have a /app directory that is secured by the container.  I also
prefixed all my secured actions with /app/show_menu.do (app on the
front) which seems to prevent me from calling it directly.  Can someone
tell me if this is bad?  I plan on doing more checking in the actions
for levels of access...

There also is some tag for struts actions for roles (I should go look
that up).





   -Original Message-
   From: Cezar Nasui [mailto:[EMAIL PROTECTED] 
   Sent: Monday, August 25, 2003 11:33 PM
   To: Struts Users Mailing List
   Subject: User authentication methods (or ways to login a user)
   
   
   Hi,
   
   I'm new to Struts and to getr used to it I developped an 
   application which has to log in a user by checking records 
   in a database. After reading more posts about user 
   authentication I've got puzzled and now I try to clarify this thing.
   
   I identified the following ways to do the authentication:
   1. session variable on user login, check the variable on 
   each action 2. filter authentication 3. security contraints 
   = container authentication (?) 4. using a tag in each jsp 
   for the validation
   
   Are there any other methods?
   
   As for what method should one use I think depends on many 
   factors like the complexity of the application, habits, etc 
   but the first method is not for use in applications with 
   many Actions as you'll need to add session validation code 
   in each action = more difficult to develop and maintain. 
   Any other things one should know before considering one of 
   this methods?
   
   Thanks,
   Cezar
   
   
   ---
   Outgoing mail is certified Virus Free.
   Checked by AVG anti-virus system (http://www.grisoft.com).
   Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003
   
   
   
   -
   To unsubscribe, e-mail: [EMAIL PROTECTED]
   For additional commands, e-mail: [EMAIL PROTECTED]
   


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]