× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. JAVA400-L
  3. February 2004

Re: Getting a Java Sign-on Dialog

Dieter & Ivan,

The original servlet specification has some serious well recognized
flaws so best practices are generally workarounds. First you have to
decide what authentication is appropriate for your application and
decide where your Servlet container will run. You have basic, digest,
and form based authentication along with several hybrid and homegrown
options. You have more option when running natively on the iSeries
because you can use native authority without passing around passwords.
You do have to consider connection pooling, which will be limited to 1
pool per user. 

One big problem with normal Servlet security is that you are not
challenged until you request a secure resource. There is a way around
this using a proxied page that I would consider best practices at this
time if you really plan on using container managed security. You can
find an article in Java Developers Journal from about last November (I
don't have that magazine here at work) that describes that technique. If
you do not, I would look at using a servlet filter like
http://securityfilter.sourceforge.net/. The trouble with that
approach is it won't work well with cached pages and doesn't play at all
with J2EE. 

David Morris

>>> dieter.bender@xxxxxxxxxxxx 2/27/2004 10:25:58 AM >>>
Hi,

doing authentication by connect to database is not really scalable.
Creating 
an as400 object to authenticate is even worse. Don't do such things.
Have a 
look at java best practices or recent style guidelines.

Dieter Bender


On Freitag, 27. Februar 2004 17:24, Ivan Hurtado wrote:
> I am in the early design/architecture phase of an
> AS400 Server Side web app, and I am trying to make a
> decision on our authentication strategy. I have never
> developed Java using an as400 as the server, so please
> bear with me.
>
> I have the "iSeries & AS/400 Java at Work" book by Don
> Denoncourt (which seems to be a very good 400
> reference) and with examples from there I was able to
> create a Java app (running from my desktop) that
> connects to the as400. Upon connection, it brings up
> the Java Sign-on dialog auto-magically which is nice.
> But, I was hoping to be able to do something similar
> for my server side app by putting similar code in some
> Login servlet. The point is that I would like the
> as400 to handle the authentication for me if possible,
> to eliminate the need for creating user tables. How
> can I best accomplish this?
>
> Thanks,
> Ivan Hurtado

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.