1

I've done many sites, using Java, Php, etc... When I needed user management I would use HttpSession and a DB to keep passwords and eventually session data.

What's the recomended/standard way of doing this with Spring in a simple way?

gotch4
  • 13,093
  • 29
  • 107
  • 170
  • 1
    What do you meant by user management? To manage users you do not need session... You are probably asking about authorization in web apps? – Stas Jan 25 '11 at 15:11
  • Yes, you are right, that's what I meant. – gotch4 Jan 25 '11 at 15:19

2 Answers2

1

Spring Security is great when the developer wants to secure his web app. But what about creating the account? and "forgot password"?

Have a look at my answer here.

"I have implemented a JAVA project for this use case. It is open source, based on Spring-Security. A release version is on Maven-Central, so you do not need to compile it, but instead you can fetch it as maven-dependency to your project!"

<dependency>
     <groupId>com.ohadr</groupId>
     <artifactId>authentication-flows</artifactId>
     <version>1.5.0-RELEASE</version> 
</dependency>
Community
  • 1
  • 1
OhadR
  • 8,276
  • 3
  • 47
  • 53
1

There is a "sub"-project of Spring: Spring-Security. That is exactly what you need. It provides also a "jdbc-user-service" authentication provider which reads the user from a database table out of the box.

Ralph
  • 118,862
  • 56
  • 287
  • 383