[ajug-members] J2EE Web User Authentication
Titus Barik
titus at barik.net
Wed Feb 23 22:01:00 EST 2005
Hi all,
I'm a trying to find a clean way to do user authentication with Resin
and struts. A good start appeared to be the use of the JDBCAuthenticator
provided by Resin:
http://www.caucho.com/resin-3.0/security/authentication.xtp
My database store provides the user ID, username, first name, last name,
and password in one table, and the roles in another.
After logging in, one can get the username and the role information by
using the getUserPrinciple call. But because of the nature of the
authenticator, there is no way to get any of the other properties.
What is a good way to deal with this? One thought was to write my own
authenticator. On a successful authentication, it would add a user
business object to the web session context, and this object would be
used throughout the application instead of UserPrinciple. But perhaps
there's something better than this that I don't know about.
Any advice is appreciated.
Regards,
--
Titus Barik <titus at barik.net>
More information about the ajug-members
mailing list