Hello,
I have interesting problem with an authentication. I use a
JDBCRealm. I have a protected area. When a user comes to the protected
area, server redirects the user to the login page. If the user knows his
user name and password, he writes it and submits login form.
If the user does not know user name and password, he clicks link on
the login page to the "register page". On the register page, he creates
new user account - he types login name, password (twice) and e-mail.
After submition of the HTML form, my JSP does some checks - similarity
of passwords, individuality of user name, etc... If everything is OK,
registration is successful - JSP writes user name, password and e-mail
into the users table in DB. If not, registration fails and user comes
back to the registration page.
Problem is, that in the case of successful registration, user must
go back to the login page and log into the application. He must type
username and password again. But I have all information to login user
into protected area on the server (user types it during the
registration). Can I write any server side code, that log in the user,
if I have his login name and password from the registration form and I'm
sure, that user name and password are correct and registration is
successful?
There is idea create login form on the server and fill login name
and password on the server. Bud I think that writing of password into
HTML source and sending it to a WWW browser is not secure.
Thank you.
Lipi
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
