What is the best way to add authorization to the site?

O

oberontrik2017-09-24 16:44:02

Java

oberontrik, 2017-09-24 16:44:02

At certain points, it is required to check authorization or register new users in an application using servlets and tomcat.
What is the best way to move the application logic into a separate class, taking into account multithreading and the need to communicate with the base?

Make authorization static.
Move authorization to a separate class. Create an object of this class in each servlet that requires authorization in the init () method. In turn, in this object, in the constructor, get a connection to the database, etc.

1. Which option is better and why?
2. Are there other options better than these, if so why? (when answering this point, you should not ignore the first one)
Note: I want to file authorization and registration myself, yes, I am aware that there are ready-made solutions.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

Sergey Gornostaev, 2017-09-24
@sergey-gornostaev

It is best to entrust the authorization to the container as well.

E

Eugene, 2017-09-25
@zolt85

If you need to do everything yourself, then you can implement your own filter (by implementing the javax.servlet.Filter interface ), in which you can try to understand whether the user is authorized or not. Such a filter must be written in web.xml in the form

<filter>
    <filter-name>requestInterceptor</filter-name>
    <filter-class>com.example.RequestInterceptorFilter</filter-class>
</filter>

Such a filter will intercept absolutely all http requests.

M

Michael, 2017-09-25
@SnowBearRu

It is written above, if you want a wider use of authorization, then you can also look at
https://shiro.apache.org/