Where/how to rememeber the user is authenticated already in J2ee programmatic security?


I am doing a programmatic security in J2EE.

siteA tries to access my siteB(J2ee) with a token appended in the URL.
In siteB, I verify the token. If it is good, I let him to access the requested page.

My question, where and how do I store the info that he was "authenticated" already? Then, if he accesses another page on siteB, I do not need verify the token anymore.

workbenchAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
mukundha_expertConnect With a Mentor Commented:
If both siteA and siteB are part of the same application, then you can create session and add the userInfo to the session.

if you are using a token to authenticate in siteB, then you can create a new session in siteB and add the userInfo to that session. so whenever the user tries to access another page in the same site you can use the sessoin information to authenticate him,


Like,

from siteA you are sending a request to siteB with a token in request say user = "jack"

In siteB,

user = request.getParameter("user") ;
session = request.getSession () ;
session.setAttibute ( "user" , user ) ;

In another page of siteB,

user = session.getAttribute ( "user" ) ;
if ( user == null )
   Not autheticated
else
  authenticated
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.