I am creating an Android application that communicates with a web server on apache tomcat. Creating a web server in JAVA EE. Currently, I use a username and password for authentication and authorization, and I use tokens for session management. Therefore, when the user logs in, I will check the mysql database and authenticate the user. When a user tries to perform an action based on the sent token, I will identify the user and allow him to perform based on the privileges granted to this user. It looks a little bulky. I was wondering if there is some kind of standard structure that facilitates this task.
Is authentication and authorization possible at the Tomcat container level, so the request will not be available in the web application if it is not authorized to perform the action?
Or is there any infrastructure that provides standard authentication and authorization in a web application?
source
share