How to implement secure login

Michael Carl
1 decade ago Mar 19, 2010 1:57pm
Sami Ekblad
1 decade ago Mar 22, 2010 1:43pm

One option is to go for JAAS. From the Vaadin application's point of view, that means that you just put the application at a protected URI and enable the login for that URI in your web server. In the Vaadin application you can then access the user information from the session once authenticated.

I used this approach with WebLogic and the hardest part was to create the LoginModule for that environment. I quickly found these instructions on how you would use JAAS in Tomcat: http://www.kopz.org/public/documents/tomcat/jaasintomcat.html

The same thing goes for SSL: it is a server-level feature that you can switch on. Again, here are instructions for Tomcat: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

Probably you can make the same Vaadin application available over both HTTP and HTTPS. A link to a login page would then point to the HTTPS version (that is protected with JAAS login). That makes it use the (automatic) redirects to the actual JAAS login page to perform the authentication before letting users access it.

Michael Carl
1 decade ago Mar 22, 2010 3:11pm
Sami Ekblad
1 decade ago Mar 22, 2010 4:29pm
Michael Carl
1 decade ago Mar 22, 2010 4:49pm
Sami Ekblad
1 decade ago Mar 24, 2010 8:06pm
Michael Carl
1 decade ago Mar 29, 2010 8:36am
Michael Carl
1 decade ago Apr 01, 2010 11:18am