• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 257
  • Last Modified:

Where/how to rememeber the user is authenticated already in J2ee programmatic security?


I am doing a programmatic security in J2EE.

siteA tries to access my siteB(J2ee) with a token appended in the URL.
In siteB, I verify the token. If it is good, I let him to access the requested page.

My question, where and how do I store the info that he was "authenticated" already? Then, if he accesses another page on siteB, I do not need verify the token anymore.

0
workbench
Asked:
workbench
1 Solution
 
mukundha_expertCommented:
If both siteA and siteB are part of the same application, then you can create session and add the userInfo to the session.

if you are using a token to authenticate in siteB, then you can create a new session in siteB and add the userInfo to that session. so whenever the user tries to access another page in the same site you can use the sessoin information to authenticate him,


Like,

from siteA you are sending a request to siteB with a token in request say user = "jack"

In siteB,

user = request.getParameter("user") ;
session = request.getSession () ;
session.setAttibute ( "user" , user ) ;

In another page of siteB,

user = session.getAttribute ( "user" ) ;
if ( user == null )
   Not autheticated
else
  authenticated
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now