Whilst Tomcat's JDBC Realms are easy to set up and get working
(http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html), I'm
wondering how easy it might be to write our own authentication mechanism
using Filters? There are a few reasons for this:

1) We'd like a security mechanism which has "Groups" as well as users and
roles, with roles attached to groups (as well as users).
2) The current JDBC Realm is logging off users (sometimes within a minute of
them logging in).
3) We'd like a security mechanism that will work with WebLogic and WebSphere
as well as Tomcat, with little (or no) change.
4) We would like the passwords encrypted in the database.

Having thought about this for a while, it seems that I could easily write
one as follows:

- create an AuthenticatedUser javabean
- write a Filter that checks whether an AuthenticatedUser object exists in
the session. If it does, the user is authenticated. If not, the Filter
redirects to a log-in page instead. Also remember the originally requested
URL.
- create a login page and an associated FormHandler which simply
authenticates against the database and creates an AuthenticatedUser object
in the session, then redirects to the originally requested URL.

Is that it or have I overlooked something? It seems a bit too simple.

Thank you very much in advance.
Soefara Redzuan.
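
The filter and login step outlined in the message above, as an added example that is not part of the original post and not Tomcat's own code. It also shows three details the outline leaves open: exempting the login page from the check, issuing a new session at login, and restricting the remembered URL to the application's own paths. The class name, session keys and the `/login.jsp` and `/login` paths are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example; AuthFilter, the session keys and the login paths are assumed names.
public class AuthFilter implements Filter {
    static final String USER_KEY = "authUser";       // holds the AuthenticatedUser bean
    static final String TARGET_KEY = "originalUrl";  // holds the originally requested URL

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String path = req.getServletPath();
        // The login page and its form handler must bypass the check or the redirect loops.
        if (path.equals("/login.jsp") || path.equals("/login")) {
            chain.doFilter(rq, rs);
            return;
        }
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute(USER_KEY) != null) {
            chain.doFilter(rq, rs);  // already authenticated
            return;
        }
        // Remember the target server-side, built from the request itself, not from a parameter.
        String target = req.getRequestURI();
        if (req.getQueryString() != null) target += "?" + req.getQueryString();
        req.getSession(true).setAttribute(TARGET_KEY, target);
        res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + "/login.jsp"));
    }

    // Called by the form handler once the credentials have been verified against the database.
    static String completeLogin(HttpServletRequest req, Object authenticatedUser) {
        HttpSession old = req.getSession(false);
        String target = (old == null) ? null : (String) old.getAttribute(TARGET_KEY);
        if (old != null) old.invalidate();  // fresh session ID after login (session fixation)
        req.getSession(true).setAttribute(USER_KEY, authenticatedUser);
        // Only redirect to paths inside this web application.
        String ctx = req.getContextPath();
        if (target == null || !target.startsWith(ctx + "/") || target.startsWith("//")) {
            target = ctx + "/";
        }
        return target;  // the handler passes this to sendRedirect
    }
}
```

The filter is mapped to `/*` in `web.xml`; because it uses only the standard servlet API, the same class deploys unchanged on any container that supports servlet filters.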