You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Giulio Vezzelli <gi...@vezz.it> on 2002/12/17 00:16:50 UTC

How to implement a basic login

Greetings,

    this is my first posting in the Tomcat-User mailing list, after a couple
of months of "read-only". At work we just began working with Tomcat, after I
proposed it as our new platform / application-server for our web
applications. I managed to wrote some basic applications (JDBC connectivity,
some servlets, ecc) without help, but now I'm unsure how to implement our
login routines.

I do not quite understand if my "old" LoginManager servlet can do the job
(it stores the logged in user in a session parameter), or if I should focus
on some more security-specific Tomcat feature (like "realms", but I may have
misunderstood what they are).

Our applications are not security-critical (they are mostly for intranet
use) but still need a login; even though I want to implement since the
beginning something which can be ported to the internet. My task is to
create a login system for simple e-commerce-like catalogs and data query
pages (some users can see only certain data, the administrator can see
everything, and so on; we did this "manually" until now).

If anyone has some good advice on how to learn such task in a "modern" way,
I would be grateful :)

I'm running Tomcat 4.1.12 (and a 4.1.16 test environment), on JDK 1.4
(Windows platform).

TIA,

Giulio Vezzelli
http://www.infolog.it
INFOLOG S.R.L.
Modena - ITALY



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: How to implement a basic login

Posted by Will Hartung <wi...@msoft.com>.

> From: "Giulio Vezzelli" <gi...@vezz.it>
> Sent: Monday, December 16, 2002 3:16 PM


> If anyone has some good advice on how to learn such task in a "modern"
way,
> I would be grateful :)

I would study Section 12 of the servlet spec on Security and just start
there. Work with it as best as you can and determine whether it is adequate
for you needs.

Better to take advantage of built in functionality before running off and
rolling your own.

Regards,

Will Hartung
(willh@msoft.com)




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>