Re: J2EE authentication
Lionel wrote:
I'm a seasoned Java programmer but I am currently introducing myself to
J2EE.
One thing I've noticed is that the Sun tutorials all talk about adding a
user to the Glassfish realm to do authentication. As far as I can tell
this is not what I want to do as it seems to involve a manual step of
adding users. I also don't want to tie myself to a specific application
server.
Adding users had better be a manual step.
I use a popular blog-site package and bots register for that site all the
time. I have to manually unregister the users. It's annoying. I suppose I
should add a capcha to force entry of new users to be a manual step.
I've discovered the Netbeans example JsfJPA which looks like what I
want, but seems a little messy, the user model and the algorithms are
all mixed in and the separation is not good.
I discovered this
http://www.novocode.com/doc/servlet-essentials/chapter4b.html#ch_4_5
which looks quite good to me.
What I am trying to achieve is, for example, say a simple board game
website where a user can register then log in and see their games, play
etc.
What is the best technology to do this? A servlet as in the example
above? Java Server Faces?
Donkey Hottie wrote:
Each and every JEE container does this in their proprietary way.
However, they all usually offer alternative types of user registry, it
can be a flat file, SQL database, LDAP, whatever. I might want to pick
one that you feel comfortable to manipulate.
I don't know how one does it in Glassfish, but for example in JBoss it
Similarly.
very easy to set up the authentication against a SQL database. Then you
just write the user registration into that DB table(s) and the user can
authenticate.
Authentication is not standardized, except JAAS, which they all use
behind the schenes, more or less, and all in different way ;) So that's
for the standards...
There are a lot of Java EE authentication packages or frameworks and they work
with all the containers, pretty much.
--
Lew
Ceci n'est pas une pipe.