Hi,
When a user first accesses our web application they are directed to the
login page. They enter their username and password which is sent to a
servlet for authentication - we check that their details match with those in
a database. If successful a user token is stored in their session
indicating that they are now logged in to the web application: each
successive time they access a servlet it will check for the user token. All
authentication is achieved programmatically.
However, I am used to the EJB system where a user is automatically
associated with the current thread each time they access an EJB - all
authentication and authorisation can therefore be acheived through EJB
deployment descriptors rather than doing it programmatically as with the
servlets. Is there a similar system of associating the current thread with
the user in the servlet API as there is with EJBs? If so, how to do it and
where is the info?
For example: each time the same user accesses a servlet their credentials
are automatically associated with the current thread.
Many thanks,
Myles
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
