Hi,
I don't know whether this is correct place to ask, but since my application is J2EE application (JSP) I'm asking it here.
We've several web applications, some of them are J2EE applications (JSP, JAVA) and the administrators of these applications change frequently. One can just change code and add "println(username, password)" and get credentials of all users. What I want is to find centralized and more secure way of authentication. Actually, authentication is done by ldap server and credentials are saved there.
I was looking for a way like, importing a class/package or something like that. And this package/class will handle all authentication stuff, then forward to my application if only user is authenticated. So administrators can't get (easily) passwords.
Maybe such packages already exist? Or do you have any better idea for solving this problem? Let's brainstorm, any kind of suggestions are welcome.
Thanks.