From: "Mick Dalton" <mick_dalton@hotmail.com>
To: java-security@web1.javasoft.com
Date: Wed, 04 Mar 1998 05:22:53 PST
Hi,
I'm relatively new to java and I'm on my way to write my first servlet
application for an intranet. Happily I've got much C++ experience. But
Java attracts me more and more because of the portability and a much
easier handling. My question is how I can implement an user
identification and authentisation via an applet which communicate with
my servlet. My application is in charge with reporting of sensitive data
thus I want urge the user to logon before untertake any action. I've
only heard of sockets, threads, encryption(but without descryption),
cookies but I can't bring them all together. I would be very grateful if
you could provide me a strategic concept and several code samples.
The way I thought of is the following: Call my servlet first (e.g.
"servlet?action=welcome") then the servlet post an login applet to the
browser which asks for user id and password. Having finished the applet
encrypts and returns the authentication string to my servlet which
checks it. But consider that I don't want to protect my servlet since
the user id and password are managed on a host environment. To verify
the password I have to establish a JDBC connect to the host!
I hope my question is specified enough to be able to answer. I would be
very very happy if you could help me. Many thanks in advance.
Best regards.
Mick Dalton
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com