Z
Zdzislaw
O great Newsgroups Oracle,
I am trying to build a set of JSPs/servlets that require
authentication and probably authorization. The jsp / sevlets should be
able to authenticate against any underlying password system, or should
cope with most common systems such as win2k / unix etc. I do not want
to force the organisation to build a new database of users / passwords
or to type in passwords in clear text in xml files.
I would preferably like to use form-based authentication to avoid Http
basic clear text password sending. This will also allow me to custmize
the UI of the login screen.
The solution should not be container specific. or at least the
containers (tomcat + webspehere) should allow for it in their own way.
After a lot of reseasrch on the web, I cant seem to find an accepted
way of doing this. I would like comments on the choices I have made so
far and the choices I should be making. Any links to reading material
would be helpful. I would like to understand which lower level
technologies to depend upon eg LDAP / Kerberos etc. Any help will be
appreciated
TIA,
Zdz
I am trying to build a set of JSPs/servlets that require
authentication and probably authorization. The jsp / sevlets should be
able to authenticate against any underlying password system, or should
cope with most common systems such as win2k / unix etc. I do not want
to force the organisation to build a new database of users / passwords
or to type in passwords in clear text in xml files.
I would preferably like to use form-based authentication to avoid Http
basic clear text password sending. This will also allow me to custmize
the UI of the login screen.
The solution should not be container specific. or at least the
containers (tomcat + webspehere) should allow for it in their own way.
After a lot of reseasrch on the web, I cant seem to find an accepted
way of doing this. I would like comments on the choices I have made so
far and the choices I should be making. Any links to reading material
would be helpful. I would like to understand which lower level
technologies to depend upon eg LDAP / Kerberos etc. Any help will be
appreciated
TIA,
Zdz