Announcement Announcement Module
Collapse
No announcement yet.
Creating a login controller Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Creating a login controller

    Hi,

    I'm trying to improve an old webapp running on Tomcat by implementing Spring and Hibernate. The app is not using container managed security simply because the app requires that the user doesn't have to login after a restart, and using the default JDBCRealm in Tomcat doesn't handle that.

    My question is what would be the best design of the login controller and validator(not using commons-validator):

    Should the validator check the username and password against the database?

    Or should the validator just check that the username and password is entered, and then in the onBindAndValidate method check the username and password against the database?

    This would apply to other places in my app where I must check if the data entered exists in the database as well.


    Trond

  • #2
    Trond,

    You should take a look at the Acegi Security Framework. This will probably save you a lor of work and it will give you a comprehensive framework for your application.

    Rob

    Comment


    • #3
      Thanks for the tip Rob, and using lazy loaded collections in Hibernate also by the way.

      I have already looked at Acegi and I think that I will implement it at a later stage. The only thing I'm doing right now is redesigning the controller and view of the login functionallity that already exists, as it is working satisfactory.

      The base of my question this time is should a validator just handle the fact that all reqiured input fields are filled in and in the correct format, or should it also check the data against the database.

      Trond

      Comment


      • #4
        I posted some code for a custom login Validator at
        http://jroller.com/page/mrogan/20050...ple_user_login. It doesn't show the db access bit, so it rather misses the point. But it does show a custom Interceptor and configuration to intercept requests for pages that require a login. A little simplistic but as a newbie myself I like simple. Now I'm off to check out the Acegi framework... Martin

        Comment


        • #5
          Try acegi ...

          I was a little overawed by the acegi framework ... thinking it was a bit over the top for what I wanted. But then I spent a day trying it out. I got the login working nice and cleanly in no time.

          Check out the sample war that comes with it and take a look at AppFuze which now uses it instead of container authentication

          Kev

          Comment

          Working...
          X