Users and authentication - how?

[Dola Woolfe <do...@yahoo.com>]

Hi,

I'm missing something very basic. I will develop a web application with users and authentication.

Surely, there exists a relatively generic approach to this that includes a backend database, new user form and authentication rules! But I can't find. Can someone direct me as to where to start my research?

Thanks!

Dola

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Users and authentication - how?

[Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov>]

>-----Original Message-----
>From: Pid [mailto:pid@pidster.com]
>Subject: Re: Users and authentication - how?
>
>On 20/09/2011 15:40, Leo Donahue - PLANDEVX wrote:
>>> -----Original Message-----
>>> From: Pid [mailto:pid@pidster.com]
>>> Subject: Re: Users and authentication - how?
>>>
>>> On 18/09/2011 21:42, java4dev wrote:
>>>>  * Implement your own using phase listeners.
>>>
>>> WTF is a 'phase listener'?
>>>
>>>
>>> p
>>
>> Maybe it's related to this?...
>> http://www.jsfcentral.com/listings/A92000?link
>
>So the solutions to solve a trival login problem were: a) use an
>enormous framework, b) read the docs and c) refer to a).
>
>Awesome.
>
>
>p
>

It looks that way.  And funny how option a) still requires option b) - I mean, if you choose to go with option a) as your starting point.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Users and authentication - how?

[Pid <pi...@pidster.com>]

On 20/09/2011 15:40, Leo Donahue - PLANDEVX wrote:
>> -----Original Message-----
>> From: Pid [mailto:pid@pidster.com]
>> Sent: Tuesday, September 20, 2011 6:29 AM
>> To: Tomcat Users List
>> Subject: Re: Users and authentication - how?
>>
>> On 18/09/2011 21:42, java4dev wrote:
>>>  * Implement your own using phase listeners.
>>
>> WTF is a 'phase listener'?
>>
>>
>> p
> 
> Maybe it's related to this?... http://www.jsfcentral.com/listings/A92000?link

So the solutions to solve a trival login problem were: a) use an
enormous framework, b) read the docs and c) refer to a).

Awesome.


p

RE: Users and authentication - how?

[Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov>]

>-----Original Message-----
>From: Pid [mailto:pid@pidster.com]
>Sent: Tuesday, September 20, 2011 6:29 AM
>To: Tomcat Users List
>Subject: Re: Users and authentication - how?
>
>On 18/09/2011 21:42, java4dev wrote:
>>  * Implement your own using phase listeners.
>
>WTF is a 'phase listener'?
>
>
>p

Maybe it's related to this?... http://www.jsfcentral.com/listings/A92000?link


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Users and authentication - how?

[Pid <pi...@pidster.com>]

On 18/09/2011 21:42, java4dev wrote:
>  * Implement your own using phase listeners.

WTF is a 'phase listener'?


p

Re: Users and authentication - how?

[java4dev <ja...@gmail.com>]

If you find please share it with the rest of us.
The only solution I could find is

  * either use a portal solution which has already implemented a
    security model like, Jetspeed 2. uportal etc
  * go with the default models as they are presented in JEE tutorial,
    basic , form etc.
  * Implement your own using phase listeners.


Using a portal takes time to learn.
The default models are very primitive, they do not support localization 
or roles. They have roles but basically there is 1-1 mapping between 
roles and groups which is not very practically in real applications.
Phase Listeners seems the most promising approach.

I had already done alot of work designing the db schema for security and 
the stored procedures but I couldn't decide to go for phase listeners as 
there is no clear guideline on how to use them or if it is the right 
approach for such a problem.
I finally decided to go for the form which created a very ugly interface 
as several languages are not supported and as said the security model is 
very primitive.

Please tells us how you decided to proceed if you continue with this 
endeavour.



???? 18/9/2011 6:17 ??, ?/? Dola Woolfe ??????:
> Hi,
>
> I'm missing something very basic. I will develop a web application with users and authentication.
>
> Surely, there exists a relatively generic approach to this that includes a backend database, new user form and authentication rules! But I can't find. Can someone direct me as to where to start my research?
>
> Thanks!
>
> Dola
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

Re: Users and authentication - how?

[Thomas Strauß <t....@srs-management.de>]

check the j2ee specs on the declaration in web.xml and j_securitycheck form based login servlet for use of jaas in your webapp with the tomcat realm as source of authentication data.

best regards,
thomas

-- 
Thomas Strauß
SRS-Management GmbH
HRB 25262 AG Darmstadt
Gfs.: Detlev Homilius, Thomas Strauß
*** sent via mobile phone




Am 18.09.2011 um 17:17 schrieb "Dola Woolfe" <do...@yahoo.com>:

> Hi,
> 
> I'm missing something very basic. I will develop a web application with users and authentication.
> 
> Surely, there exists a relatively generic approach to this that includes a backend database, new user form and authentication rules! But I can't find. Can someone direct me as to where to start my research?
> 
> Thanks!
> 
> Dola
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 

RE: Users and authentication - how?

["Caldarale, Charles R" <Ch...@unisys.com>]

> From: Dola Woolfe [mailto:dolachin@yahoo.com] Subject: Users and authentication - how?

> Surely, there exists a relatively generic approach to this that 
> includes a backend database, new user form and authentication 
> rules! But I can't find. Can someone direct me as to where to 
> start my research?

First, read the servlet spec section concerning authentication.

Second, read Tomcat's doc about selecting and configuring a <Realm> for the particular authentication mechanism you want to use.  You didn't bother to tell us the version of Tomcat you have, but here's the link for the current one:

http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html

You also might want to look at the How To part of the Tomcat Wiki; there are a few entries in there related to authentication.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Users and authentication - how?

[MiB <di...@gmail.com>]

18 sep 2011 kl. 17.17 Dola Woolfe wrote:

> Hi,
>
> I'm missing something very basic. I will develop a web application  
> with users and authentication.
>
> Surely, there exists a relatively generic approach to this that  
> includes a backend database, new user form and authentication rules!  
> But I can't find. Can someone direct me as to where to start my  
> research?


I'm using Spring Security Framework http://static.springsource.org/spring-security/site/ 
.

/MiB





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org