T
Tony A.
Longwinded explanation ahead--I want to make sure I don't leave any
important details out.
I'm maintaining a client/server system that we use for automated grading of
student CS assignments. The basic
architecture consists of the grading server app itself and a servlet client
for student access, which runs on Tomcat in our case. Right now, the
servlet is starting to get large, as it's hardcoded to print one of several
pages depending on a URL parameter, and I'd like to break this into several
JSP pages instead.
We don't use any kind of standard authentication method in the servlet. The
servlet login page accepts the student's username/password as well as the
course they're enrolled in (chosen from a list), and we authenticate this
inside doGet() by passing a custom message object to our grading server,
which checks whether the student is enrolled in the course they chose, as
well as whether their username/password is valid. If their information is
valid, we store it in the HttpSession object and use that as they navigate
the site.
The problem is, I'm not sure how to translate this into JSP. I've seen some
examples using j_security_check, j_username, etc., but from what I can tell,
it looks like those are handled completely by the webserver, and requires
the user information to be stored in some file that the webserver can
access. This isn't a solution for us, because the grading server may not
even be on the same physical machine as the webserver.
So basically, here's what I'm looking for: A form-based authentication
method that lets me verify the student's username, password, and course
enrollment all at once, and store that in a session that I can use across
all the JSP pages. Obviously, I'd like all the pages to be protected so
they redirect to the login page if the user isn't logged in this session,
and I'd also like to be able to handle situations where if the session times
out and the user tries to navigate, it returns him to the login page, and
then redirects him to whatever original page he was trying to navigate to
when he successfully logs in.
From scouring other newsgroup posts, it looks like I might need to create my
own custom Realm (?), but I'm not sure where to start. I'd also like
something that's not tied specifically to Tomcat, but would work on most
popular JSP-supporting webservers, if possible.
If anyone can give me some advice or a push in the right direction, I'd
really appreciate it!
Thanks,
important details out.
I'm maintaining a client/server system that we use for automated grading of
student CS assignments. The basic
architecture consists of the grading server app itself and a servlet client
for student access, which runs on Tomcat in our case. Right now, the
servlet is starting to get large, as it's hardcoded to print one of several
pages depending on a URL parameter, and I'd like to break this into several
JSP pages instead.
We don't use any kind of standard authentication method in the servlet. The
servlet login page accepts the student's username/password as well as the
course they're enrolled in (chosen from a list), and we authenticate this
inside doGet() by passing a custom message object to our grading server,
which checks whether the student is enrolled in the course they chose, as
well as whether their username/password is valid. If their information is
valid, we store it in the HttpSession object and use that as they navigate
the site.
The problem is, I'm not sure how to translate this into JSP. I've seen some
examples using j_security_check, j_username, etc., but from what I can tell,
it looks like those are handled completely by the webserver, and requires
the user information to be stored in some file that the webserver can
access. This isn't a solution for us, because the grading server may not
even be on the same physical machine as the webserver.
So basically, here's what I'm looking for: A form-based authentication
method that lets me verify the student's username, password, and course
enrollment all at once, and store that in a session that I can use across
all the JSP pages. Obviously, I'd like all the pages to be protected so
they redirect to the login page if the user isn't logged in this session,
and I'd also like to be able to handle situations where if the session times
out and the user tries to navigate, it returns him to the login page, and
then redirects him to whatever original page he was trying to navigate to
when he successfully logs in.
From scouring other newsgroup posts, it looks like I might need to create my
own custom Realm (?), but I'm not sure where to start. I'd also like
something that's not tied specifically to Tomcat, but would work on most
popular JSP-supporting webservers, if possible.
If anyone can give me some advice or a push in the right direction, I'd
really appreciate it!
Thanks,