Authenticating to servlet

Discussion in 'Java' started by Ike, Nov 3, 2003.

  1. Ike

    Ike Guest

    If I have a servlet, which handles requests from an Applet, to access a
    database via jdbc, I have the servlet authenticate to the database. I also
    have the applet authenticate to the servlet.

    As I understand it, this is the standard way of doing things.

    HOWEVER, in order for the applet to authenticate to the servlet, the servlet
    must lookup the applet's username/password with each request to the servlet,
    yes? Is there a way to avoid that? I am using connection pooling in my
    servlet, and am hoping - looking for a means whereby - the applet can
    authetnticate to the servlet only one time when the applet is invoked.

    How do you typically do this? Thanks, Ike
     
    Ike, Nov 3, 2003
    #1
    1. Advertising

  2. Ike

    Wendy S Guest

    "Ike" <> wrote in message
    news:Kbxpb.3742$...
    > If I have a servlet, which handles requests from an Applet, to access a
    > database via jdbc, I have the servlet authenticate to the database. I also
    > have the applet authenticate to the servlet.
    > HOWEVER, in order for the applet to authenticate to the servlet, the

    servlet
    > must lookup the applet's username/password with each request to the

    servlet,
    > yes? Is there a way to avoid that? I am using connection pooling in my
    > servlet, and am hoping - looking for a means whereby - the applet can
    > authetnticate to the servlet only one time when the applet is invoked.
    > How do you typically do this? Thanks, Ike


    I don't do applets, but I don't see how it's any different from a user
    authenticating at the beginning of a session. I put an object in the
    session and check for it at the beginning of each request. If I find the
    object, then I let them in, if not, I redirect to a login page. Instead of
    redirecting to login, you would presumably do this lookup of the applet's
    username/password that you mention.

    I don't see what that has to do with connection pooling, though.

    --
    Wendy in Tempe, AZ
     
    Wendy S, Nov 3, 2003
    #2
    1. Advertising

  3. Ike

    Wendy S Guest

    "Wendy S" <> wrote in message
    news:bo69r1$5kb$...
    > I don't do applets, but I don't see how it's any different from a user
    > authenticating at the beginning of a session.


    Hmmm.... well, on second thought, how are you going to identify the
    "session" for request coming from an applet? Never mind, then...

    --
    Wendy in Tempe, AZ
     
    Wendy S, Nov 3, 2003
    #3
  4. Ike

    Ike Guest

    Yes.....I thought (mistakenly perhaps) that typically people assigned a
    connection object with a login. I guess not though. Perhaps I can obtain a
    session object, passing it via php or jsp as a parameter to the applet
    (ugh)......there must be an easier way?

    -Ike

    "Wendy S" <> wrote in message
    news:bo6brs$62d$...
    > "Wendy S" <> wrote in message
    > news:bo69r1$5kb$...
    > > I don't do applets, but I don't see how it's any different from a user
    > > authenticating at the beginning of a session.

    >
    > Hmmm.... well, on second thought, how are you going to identify the
    > "session" for request coming from an applet? Never mind, then...
    >
    > --
    > Wendy in Tempe, AZ
    >
    >
     
    Ike, Nov 3, 2003
    #4
  5. Ike

    Wendy S Guest

    Ike wrote:
    > Yes.....I thought (mistakenly perhaps) that typically people assigned a
    > connection object with a login. I guess not though. Perhaps I can obtain a
    > session object, passing it via php or jsp as a parameter to the applet
    > (ugh)......there must be an easier way?


    Not me, I grab connections and throw them away as soon as I'm done with
    them. Holding connections open for long periods of time isn't appealing to
    me.

    I don't know enough about how sessions are created and stored in Tomcat to
    be able to advise, but I bet you can get the session ID and pass it to the
    applet. From what I've seen, (and I have no idea if this would work,) you
    might be able to tag it on the end of the URL with
    ;jsessionid=aldjf89623865 and Tomcat will pick that up and "know" what
    session the request belongs to.

    Play around with Tomcat sessions with your browser, you'll see the
    jsessionid get appended to the URL on the first request (and IIRC
    subsequent requests as well if you don't have cookies enabled). So the
    applet could just behave like a non-cookie-enabled browser. Tomcat isn't
    going to know the difference, all it sees is a request.

    The applet/servlet communication I'm talking about here is over HTTP. You
    can send pretty much anything over HTTP, even serialized objects. So when
    you talk about passing the session id as a parameter, I would not do that.
    I would have the applet connect to the server and ask, "What's my session
    id?" Then it would remember that value and append it to any subsequent
    requests so that the server will know what session the applet is in.

    Note, however, that I've never actually written an applet. :) All my
    experience is server-side.

    This is still separate from the issue of connection pooling though!

    --
    Wendy in Chandler, AZ
     
    Wendy S, Nov 4, 2003
    #5
  6. Ike

    Ike Guest

    Thanks Wendy,

    You;re right, it doesnt have anything to do with connection pooling, I just
    stated that because I thought, there might be an outside chace, that
    connectin pooling was somehow germaine to the question (obviously not!). I
    am certain I can authetnticae to the servlet via the session ID, BUT...I
    wonder how you initially authetnticate without having the password/userid
    picked up via a sniffer? //Ike

    "Wendy S" <> wrote in message
    news:TpFpb.3250$7B2.1545@fed1read04...
    > Ike wrote:
    > > Yes.....I thought (mistakenly perhaps) that typically people assigned a
    > > connection object with a login. I guess not though. Perhaps I can obtain

    a
    > > session object, passing it via php or jsp as a parameter to the applet
    > > (ugh)......there must be an easier way?

    >
    > Not me, I grab connections and throw them away as soon as I'm done with
    > them. Holding connections open for long periods of time isn't appealing

    to
    > me.
    >
    > I don't know enough about how sessions are created and stored in Tomcat to
    > be able to advise, but I bet you can get the session ID and pass it to the
    > applet. From what I've seen, (and I have no idea if this would work,) you
    > might be able to tag it on the end of the URL with
    > ;jsessionid=aldjf89623865 and Tomcat will pick that up and "know" what
    > session the request belongs to.
    >
    > Play around with Tomcat sessions with your browser, you'll see the
    > jsessionid get appended to the URL on the first request (and IIRC
    > subsequent requests as well if you don't have cookies enabled). So the
    > applet could just behave like a non-cookie-enabled browser. Tomcat isn't
    > going to know the difference, all it sees is a request.
    >
    > The applet/servlet communication I'm talking about here is over HTTP. You
    > can send pretty much anything over HTTP, even serialized objects. So when
    > you talk about passing the session id as a parameter, I would not do that.
    > I would have the applet connect to the server and ask, "What's my session
    > id?" Then it would remember that value and append it to any subsequent
    > requests so that the server will know what session the applet is in.
    >
    > Note, however, that I've never actually written an applet. :) All my
    > experience is server-side.
    >
    > This is still separate from the issue of connection pooling though!
    >
    > --
    > Wendy in Chandler, AZ
     
    Ike, Nov 4, 2003
    #6
  7. Ike

    Wendy S Guest

    "Ike" <> wrote
    > I wonder how you initially authetnticate without having the

    password/userid
    > picked up via a sniffer? //Ike


    Very carefully. This is one reason I don't use applets. Are you requiring
    the user to authenticate, or is it the same userid/password for all
    instances of the applet?

    (Sure wish someone else would jump in here... I've never written an applet!)

    --
    Wendy in Chandler, AZ
     
    Wendy S, Nov 4, 2003
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. mrwoopey
    Replies:
    3
    Views:
    9,627
    mrwoopey
    Jun 30, 2003
  2. Greg Burns

    forms authentication not authenticating

    Greg Burns, Jul 24, 2003, in forum: ASP .Net
    Replies:
    4
    Views:
    1,623
    Jim Cheshire
    Jul 29, 2003
  3. jm
    Replies:
    3
    Views:
    349
  4. anony
    Replies:
    1
    Views:
    365
    =?Utf-8?B?SGVpZGk=?=
    Feb 8, 2004
  5. circuit_breaker
    Replies:
    2
    Views:
    2,061
    Jack Jia
    Apr 4, 2004
Loading...

Share This Page