开发者

How to implement authentication mechanism in Java EE 6

开发者 https://www.devze.com 2023-01-02 11:50 出处:网络
I\'m trying to learn Java EE 6 and i\'m just wondering how to implement authentication mechanism in Java EE 6.

I'm trying to learn Java EE 6 and i'm just wondering how to implement authentication mechanism in Java EE 6.

Here is the Java EE 6 authentiction example:

    public void login() {
    if (account.authenticate(name, password) == null) {
        message = "Invalid user name or password!";
    } else {
        message = " Login successful";
        FacesContext context = FacesContext.getCurrentInstance();
        HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
        try {
            request.login(this.name开发者_运维知识库, this.password);
            Principal principal = FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal();
            name = principal.getName();
        } catch (ServletException e) {
            // Handle unknown username/password in request.login().
            context.addMessage(null, new FacesMessage("Unknown login"));
        }
    }
}

I have a following questions:

  1. How request.login function check name and password? It isn't know user entity?
  2. If it isn't right way. How to implement standart authentication mechanism

In finally thank you for your advise and i need a very good tutorials or advise.


How request.login function check name and password? It isn't know user entity?

The request.login allows to implement programmatic security and validates the provided username and password in the password validation realm used by the web container login mechanism configured for the ServletContext.

In other words, it delegates the authentication check to the container and this check is done against the security realm of the webapp. This is a very nice alternative to FORM-based authentication.

Authentication Without the Form has had a nice screencast showing this feature in action. If you don't want to use a file realm but a JDBC realm, check this blog post.

See also

  • Summary of new Security Features in Servlet 3.0
  • New Security Features in Glassfish v3 (Java EE 6) - Part III
  • Leveraging Servlet 3.0 - Authentication without Forms using GlassFish v3 and Vaadin
  • JDBC Realm Setup with Glassfish v3 (build 70) and Netbeans 6.8 (beta) JEE6
0

精彩评论

暂无评论...
验证码 换一张
取 消