0

If I started a new project to execute on the Java EE platform and I wanted to be able to do user-friendly login (say pop up a modal dialog for credentials when needed, or have login option available all the time like twitter or SO), what would be the best approach and tools to implement that?

I've found it quite difficult to retrofit an existing project that uses security constraints, so I'm wondering how I can make my life easier in future!

By default, I'd be looking to use Dojo as my JavaScript framework and deploy to a Java EE appserver like WebSphere.

brabster
  • 42,504
  • 27
  • 146
  • 186

2 Answers2

0

Best approach and tools?

Go for JSF libraries like PrimeFaces!

Check this example

IMO, this is fastest and easiest way to make a rich web application

StepTNT
  • 3,867
  • 7
  • 41
  • 82
0

See the second answer here: Automatic login to JSF application on revisits, after once logged in

If you're using Spring Security or Apache Shiro, both of them support this with the proper filter. On the backend Spring Security works by having a persistent store of remember me tokens, and Shiro I think signs a hash value.

Here's the spring guide: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/remember-me.html

Here's the shiro guide: http://shiro.apache.org/java-authentication-guide.html

If you're using Java EE Security (please tell me it ain't so), you're limited to what your container can support, unless you want to design a customer login filter. An customer filter could sign a cookie with a MAC code and validate it against a database. I don't believe tomcat 7 has this built in, you'd probably need to check out GlassFish (which supports SSO, I don't think it supports remember me).

Community
  • 1
  • 1
Jonathan S. Fisher
  • 8,189
  • 6
  • 46
  • 84