What is the latest, efficient way to create a login page in JAVA?
I am a noob Java programmer. I want to create a simple login page with just username and password. So I have to combine Java and HTML. While googling I found that Servlets do the job but people are suggesting not to use it, because it is an outdated technology and difficult to test. My question is what is the latest efficient way to do my task in Java? It should also be a good learning opportunity for me.
1 answer
A login page is but the tip of the iceberg. For a login page to function, you need a way to store users and their passwords, verify passwords in a safe way, prevent the login form from being bypassed by requiring a login before accessing a protected resource, and thus designate resources as protected. Often, you'll also want role-based access control because not all users are created equal.
That is, you don't just want a mere login form, but a security framework or library. One such library is Spring Security.
Or you could say that this entire login thing should be handled by a different piece of software altogether. This allows a single login to grant access to many applications at once, so the user doesn't need a new password for each of them. A reasonably modern Single Sign On protocol is OpenID Connect, of which various implementations are provided as a service.
5 comments
That's an interesting topic so there goes my upvote. I would suggest editing the title to "What is the latest and efficient way to create a login page in Java?" — Estela 20 days ago
The backend should create a salted hash of the password; it should not store the password itself. For calculating the salted hash, use existing software or what is built into the available Java APIs. Writing cryptographic code is notoriously difficult and error-prone. — FractionalRadix 19 days ago
This is an interesting question, but it is quite broad. We encourage people to search a bit for possible solutions and ask more specific questions in our community. Please take a look at How to ask a great question. — Alexei 19 days ago
@Alexei At the current stage of CoDidact, I don't think this is too broad. Even "that other Q&A site" had a canonical Q&A about building a login page. I hope questions like these will attract more users to our community. As an alternative to a question, we could have an article on the subject of doing a login page right. — FractionalRadix 18 days ago
@FractionalRadix I agree to keep this type of question at the current stage. However, one non-technical reason (e.g. too broad) IMO is that for a developer it is far more useful to use trial and error and ask focused questions than to have a general question with some answer(s). It involves much more effort, but it also means a better understanding of the concepts. — Alexei 17 days ago