× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. July 2002

webapps and security: your opinion please.

This is a multipart message in MIME format.
--
[ Picked text/plain from multipart/alternative ]
Hi there, your opinions are very welcome about this:

Situation:
- We have 7 departments in our company.
- Each department has it's own website and wants x-applications on the
web.
- Each application needs access to data on the AS400.
- Some applications are free for public, some are partly free while others
must be password-protected.
- We have 3 applications running (one of each) which are created using
VaJava-notepad-Frontpage.
- One has to logon only once per department, common values and tables are
kept in HTTP-session

What do we want?
We want to convert our projects to J2EE-Web-Applications using WebSphere
Studio

What's the problem?
Converting our standalone projects to 'real' web-apps in Studio brought me
into big troubles.  Now, after splitting it all up into Web-App's, it is
not possible anymore to logon once per department, nore to load tables and
values once.  WebApp-A isn't aware of values in WebApp-B etc.  Now I try
to load all values in each web-app seperatly but then I found out that I
have to logon for each web-app seperatly too!  To make it a bit easier I
tried to replace my own logon-procedures with the 'Basic
Authentication'-system of WAS3.5  This because I could check the
'remote-user' value of the HTTP-session.  At least this is available in
all Web-Apps...  But, beside the fact that the authentication mechanism is
a monster to work with, it now seems that the user has to logon for each
new browserwindow he opens...  which isn't the case with own coding based
on 'HTTP-sessions'. (at least not in IE)

This seems rudiculous!  Is this really the J2EE-approach?  Each Web-App
must have it's own login?  Each Web-App must load (in our case) all
'general tables'?  Each Web-App has it's own image/javascript/theme's
folders, while they all use same logo's and js-routines?

What's the question?
Is it really neccessary to logon for each (partly) secured
Web-Application?  How is security generally implemented?  I know I could
use a cookie, but before changing any code again I want your opinions...


Patrick Goovaerts
Clipper Support nv
TEL : 0032 (0)3 5453991
GSM: 0498 610 325
WEB: www.conti7.be

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.