users@glassfish.java.net

Re: what is best practice for a web application authentication in glassfish?

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Tue, 16 May 2006 13:40:45 -0700

Hi Legolas,

Legolas Woodland wrote On 05/13/06 05:42,:
> Hi
> Thank you for reading my post
> what is best practice to create a login page , authenticate users and
> then let them see some pages
> the requirement is:
> 1-after user logged in he/she should be able to look at some urls based
> on his/her privileged
> 2-the login information should reside in session until user explicitly
> logout or the session time out.
>
> now my questions are :
> -Does glassfish provide some kind of standard mechanism like tomcat :
> j_security login mechanism? (container managed)

Yes, GlassFish supports the FORM based authentication mechanism
as described in the servlet spec (see SRV.12.5.3).

> -is it wise to use this mechanism ,please give me some reason for your
> answer
>
> -is there any sample application that show me this ?

Actually, the admin GUI webapp in GlassFish uses it. Here's the relevant
info from its web.xml
(stored in
glassfish/lib/install/applications/admingui/adminGUI_war/WEB-INF/):

     <login-config>
         <auth-method>FORM</auth-method>
     <realm-name>admin-realm</realm-name>
         <form-login-config>
             <form-login-page>/jsp/login.jsp</form-login-page>
             <form-error-page>/jsp/loginError.jsp</form-error-page>
         </form-login-config>
     </login-config>

Hope this helps.


Jan


> I would love such a sample application because i can learn easier from
> samples.
>
> ps: is it better to ask in forum or mailing list ?
> Thank you.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>