Customized form authentication with JSP

Discussion in 'Java' started by Tony A., Jul 11, 2003.

  1. Tony A.

    Tony A. Guest

    Longwinded explanation ahead--I want to make sure I don't leave any
    important details out.

    I'm maintaining a client/server system that we use for automated grading of
    student CS assignments. The basic
    architecture consists of the grading server app itself and a servlet client
    for student access, which runs on Tomcat in our case. Right now, the
    servlet is starting to get large, as it's hardcoded to print one of several
    pages depending on a URL parameter, and I'd like to break this into several
    JSP pages instead.

    We don't use any kind of standard authentication method in the servlet. The
    servlet login page accepts the student's username/password as well as the
    course they're enrolled in (chosen from a list), and we authenticate this
    inside doGet() by passing a custom message object to our grading server,
    which checks whether the student is enrolled in the course they chose, as
    well as whether their username/password is valid. If their information is
    valid, we store it in the HttpSession object and use that as they navigate
    the site.

    The problem is, I'm not sure how to translate this into JSP. I've seen some
    examples using j_security_check, j_username, etc., but from what I can tell,
    it looks like those are handled completely by the webserver, and requires
    the user information to be stored in some file that the webserver can
    access. This isn't a solution for us, because the grading server may not
    even be on the same physical machine as the webserver.

    So basically, here's what I'm looking for: A form-based authentication
    method that lets me verify the student's username, password, and course
    enrollment all at once, and store that in a session that I can use across
    all the JSP pages. Obviously, I'd like all the pages to be protected so
    they redirect to the login page if the user isn't logged in this session,
    and I'd also like to be able to handle situations where if the session times
    out and the user tries to navigate, it returns him to the login page, and
    then redirects him to whatever original page he was trying to navigate to
    when he successfully logs in.

    From scouring other newsgroup posts, it looks like I might need to create my
    own custom Realm (?), but I'm not sure where to start. I'd also like
    something that's not tied specifically to Tomcat, but would work on most
    popular JSP-supporting webservers, if possible.

    If anyone can give me some advice or a push in the right direction, I'd
    really appreciate it!


    Tony A., Jul 11, 2003
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. S. Justin Gengo

    Re: DropDownlist name customized possible ?

    S. Justin Gengo, Aug 11, 2003, in forum: ASP .Net
    Lim Siew Cheng
    Aug 12, 2003
  2. Alex K
    Alex K
    Aug 11, 2003
  3. Replies:
  4. ctbang
    Thomas 'PointedEars' Lahn
    Jan 20, 2006
  5. Greg Guarino

    Customized pdf form sent to client: Possible?

    Greg Guarino, Jun 18, 2007, in forum: Javascript
    Greg Guarino
    Jun 18, 2007

Share This Page