Just how authentic are you?

If a Web site has any sophistication at all, it probably contains data that some people should access and some people shouldn't. Perhaps users can store a personal profile there that contains things like their email addresses, mailing addresses or even credit card information.

You want only registered users to be able to log onto the profile management site, and once they're authenticated, you want them to see only their own data, not some other user's.

Maybe some users have special privileges that allow them access to certain Web pages with premium content. In that case, you'll need an authorization system that lets in the special users while screening others out.

A simple solution would be to require an additional password prompt before granting access to the premium content. While simple, it would also certainly mark your site as amateurish. After all, "single sign-on" was a buzzword before the last millennium was out.

Fortunately, single sign-on authentication and a page authorization engine are pretty simple to implement using Java servlets/JSP, because the Java designers have given us a very clean session API. By using the javax.servlet.http.HttpSession interface, we can grab the user's access control list (ACL) at login and use an HttpSession object to keep track of it until the user either logs out or times out.
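Here is an added example of that scheme (my own illustration, not code from this site): a login servlet that stores the user's ACL in the HttpSession, and a filter that gates premium pages on it. It assumes a hypothetical UserStore.authenticate() that returns the user's ACL (or null on failure), a session attribute named "acl", and a web.xml mapping of PremiumFilter to /premium/*; the two classes each go in their own source file.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Login servlet (hypothetical): on success, record the user's ACL in the session.
public class LoginServlet extends HttpServlet {
    static final String ACL_KEY = "acl";   // session attribute name (assumption)
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String user = req.getParameter("user");
        String pass = req.getParameter("pass");
        Set<String> acl = UserStore.authenticate(user, pass); // hypothetical lookup
        if (acl == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Discard any pre-login session so a session ID chosen before login is never
        // promoted to an authenticated one (session fixation defence).
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();
        HttpSession session = req.getSession(true);
        session.setAttribute(ACL_KEY, Collections.unmodifiableSet(acl));
        session.setMaxInactiveInterval(15 * 60); // idle sessions time out after 15 minutes
        resp.sendRedirect(req.getContextPath() + "/profile");
    }
}

// Filter mapped to /premium/* in web.xml: admits only sessions whose ACL holds "premium".
public class PremiumFilter implements Filter {
    public void init(FilterConfig cfg) {}
    public void destroy() {}
    @SuppressWarnings("unchecked")
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);      // never create a session here
        Set<String> acl = (session == null) ? null
                : (Set<String>) session.getAttribute(LoginServlet.ACL_KEY);
        if (acl == null) {                                // not logged in, or timed out
            resp.sendRedirect(req.getContextPath() + "/login");
        } else if (!acl.contains("premium")) {            // logged in but not entitled
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
        } else {
            chain.doFilter(rq, rs);                       // authorized: serve the page
        }
    }
}
```

Logout is just session.invalidate(), which drops the ACL along with everything else; an expired or missing session falls through to the login redirect rather than to the content.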


Copyright © 1999, 2001, 2002 by John H. Byrd
All rights reserved.