UniverseUniversity



Re: User registration/authentication



Ok, to resume:

1. The very first operation during request processing will be
getConnection() con_1 without login/password.
login() proc will be called with empty login or will not be called at all.
I prefer second option since in both cases session_info won't have any
records, and therefore there won't be any access to privileged tables.
2. con_1 is used for checking if user logged-in using userid that is
stored in HttpSession after successful login/registration.
	2-1. User not-logged-in.
		2-1-1. There is no DB operation on this servlet that requires
authentication.
			2-1-1-1. con_1 released after DB communication job is done. logout()
proc is not called.
		2-1-2. There is a DB operation on this servlet that requires
authentication.
			2-1-2-1. User redirected to login. con_1 released, logout() proc is not
called.
	2-2. User logged-in.
		2-2-1. con_1 is used for getting login, password, server from DB using
userid from HttpSession.
		2-2-2. con_1 released. logout() proc is not called.
		2-2-3. Call getConnection(login, password,..) which returns con_2.
login() proc called with login/password.
		2-2-4. con_2 released after DB communication job is done. logout() proc
is called.


Regarding steps 2-1-1. and 2-1-2.
If the DB operation needs authentication, it will return 'access denied'
code.

Please comment.
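
The flow summarized in the message above, as an added model that is not part of the original post or the project's code. Con, POOL, CREDS and handle() are hypothetical names, session_info is modelled as a field on the connection, and the sample user is constructed; the model goes one step further than the post by reusing pooled connections, to show what the logout() call in step 2-2-4 protects.

```java
import java.util.*;
// Hypothetical stand-ins only; no servlet or JDBC classes are used.
public class RequestFlow {
    static final Deque<Con> POOL = new ArrayDeque<>();
    static final List<String> trace = new ArrayList<>();
    // Constructed sample data: userid -> {login, password}
    static final Map<Integer, String[]> CREDS =
        Map.of(42, new String[] {"alice", "constructed-secret"});
    static class Con {
        String sessionInfo;                      // null = no session_info record
        String query(boolean privileged) {
            return privileged && sessionInfo == null ? "access denied" : "ok";
        }
        void release(String role, boolean callLogout) {
            if (callLogout) { sessionInfo = null; trace.add(role + " logout()"); }
            trace.add(role + " released");
            POOL.push(this);                     // the same object serves the next request
        }
    }

    static Con getConnection(String role, String login, String password) {
        Con c = POOL.isEmpty() ? new Con() : POOL.pop();
        trace.add(role + " getConnection()");
        if (login != null) { c.sessionInfo = login; trace.add(role + " login()"); }
        return c;
    }

    // userId is the value the servlet found in HttpSession (null = not logged in).
    static String handle(Integer userId, boolean needsAuth) {
        trace.clear();
        Con con1 = getConnection("con_1", null, null);        // step 1: login() not called
        String[] cred = userId == null ? null : CREDS.get(userId);
        if (cred == null) {                                    // step 2-1
            String result = con1.query(needsAuth);            // "access denied" if privileged
            con1.release("con_1", false);                      // 2-1-1-1 / 2-1-2-1
            return result.equals("ok") ? "ok" : "redirect to login";
        }
        con1.release("con_1", false);                          // 2-2-1, 2-2-2
        Con con2 = getConnection("con_2", cred[0], cred[1]);   // 2-2-3
        String result = con2.query(needsAuth);
        con2.release("con_2", true);                           // 2-2-4
        return result;
    }

    public static void main(String[] args) {
        System.out.println(handle(42, true) + " " + trace);    // logged in, privileged
        System.out.println(handle(null, true) + " " + trace);  // reuses the pooled connection
    }
}
```

The second call borrows the connection the first one released; because logout() cleared session_info before the release, the privileged operation is refused and the user is redirected to login.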




