I am creating a website using Java EE.

I have created a table in a PostgreSQL database for the user data (username, password, role). I want to make a security realm or something like that in which to put some of the servlets. If a user sends a request to one of the servlets in the security realm and is not logged in, I want to redirect them to the login page.

The problem that I am having is that I don't know how to verify if the user is logged in or not when the request is received on the server. Should I use a session id or cookie? I've also searched a lot on form based authentication but I haven't found a way to compare the received data with the data stored in my database.

Arjan Tijms
Gabriel
    Is this your classmate or something? http://stackoverflow.com/questions/7677140/how-to-implement-authorization-and-authentication-in-a-jsf2-0-webapplication – BalusC Oct 06 '11 at 16:19

1 Answer

I highly recommend using a framework to do this, as opposed to rolling your own. Security is a tricky thing to get right and you're going to end up rewriting a bunch of the code that is already in existence. I have been recommending the excellent Shiro framework for a while now, but in your case I believe Spring Security would be a better fit. Take a look at their tutorials and then download the sample application. All told it shouldn't take you more than a day to stand up and become familiar with the basics.

Good luck.

Perception
  • Hi Perception, can you tell me when (*in what cases*) it is preferable to move from container managed security to these security frameworks? See my specific question here: http://stackoverflow.com/questions/7782720/when-to-move-from-container-managed-security-to-alternatives-like-apache-shiro – Rajat Gupta Oct 17 '11 at 08:15