I’m given a task to write a user authentication and login system in java. How do I start?
I can write a simple login page asking for username and password and then check them in a servlet against a database. Is this a ‘User authentication and Login system’? Also I can use JAAS.but i think JAAS is already an authentication service. But I want to write from scratch. Please tell me where do i start and what exactly i need to do? Thanks
I’m given a task to write a user authentication and login system in java.
Share
Yes, most authentication and login systems will prompt the user for a username and password and verify these details against a database to ensure authenticity of the end-user. But there are many important details to ensure the integrity and security of the system overall.
One important detail is to never store or display passwords as plain text as they may be retrieved by malicious parties. A typical way to avoid this is to use a one-way hash algorithm to store it in the database, such as MD5 or better SHA1. Additionally, never transmit plain-text passwords over an unencrypted channel as they may be intercepted by unauthorized users. There are many other concerns which should be considered carefully depending on just how secure the system must be and if there is a reasonable threat of motivated attackers.
Using an existing library or framework is probably most pragmatic, but if you’re looking to build your own you should do some proper studying on the subject. Additionally, HTTP has some authentication methods built-in which may be worth considering, for example
basic and digest authentication; understanding these methods will help you towards an appropriate solution.