java - j_security_check and JAAS


I have been given the task of implementing a login handler. The details the handler captures are username and password. I was going to use a JSP that posted to a servlet. The servlet carried out a DB lookup and validated the user credentials. Upon successful login you are redirected; an unsuccessful login takes you to the JSP and displays appropriate error messages.

However, upon doing some research I discovered j_security_check and JAAS, and I am not sure which to use or whether to use them at all.

What benefits would I get from either, and which is suitable for my task?

Security is composed of the following aspects:

  1. authentication
  2. authorization
  3. transport layer security - encryption

Authentication: This consists of checking the credentials of the user; most of the time it is implemented through a login mechanism. The task of creating a login page is part of authentication.

Authorization: Application resources need to be protected from unauthorized access, which means that whenever a user requests a protected resource, the application needs to ensure the user has the appropriate access rights. This is done by assigning roles to the user and putting in request filters that verify the access rights of the user. This part is more critical and requires detailed design analysis. Authenticating the user is not enough; you need to ensure that protected resources are not accessed by users who are not authorized for the same.

Transport layer security: The system architecture needs to ensure that data being transferred on the network does not fall into the hands of hackers or sniffers. SSL/TLS is used for achieving this.

J2EE containers and frameworks like Spring Security provide common functionalities for each of these security aspects.

What you are trying to develop is a simple authentication mechanism. Application security is more demanding when it comes to access control, i.e. authorization.

Also, security needs to be scalable, i.e. as business needs change with integrating systems, the security system should be able to adapt to things like single sign-on (SSO), LDAP authentication, etc.

Though JAAS and container security are enough for scaling, there are a few restrictions with the same. For example, you need to depend on vendor-specific configurations and adapters. The application will declare its security needs in deployment descriptors, and server administrators need to configure security realms at the server end.

I recommend you evaluate the Spring Security (previously Acegi Security) framework. We have been using the same in many of our projects and found it robust, customizable and easy to implement. It comes with a set of filters that intercept the request and provide access control. The framework can be used to validate users against various user repositories such as a database, LDAP servers, OS security, etc. It is extensible and can be integrated with SSO servers. It also provides useful tag libraries for controlling access to parts within JSP pages. Not only that, the framework provides method-level security that can be imposed at class level through the Spring AOP framework.

