tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ricardo Banffy <rica...@organic.com.br>
Subject RE: How to setup login based security?
Date Fri, 02 Jun 2000 14:09:34 GMT
You could extend the HttpServlet class in a way that when you use the
service method (or GET or POST) you check if the session object has the
desired login. If not, you redirect the user to the login page.

Then you make all your secure servlets extend this class instead of
HttpServlet.


-----Original Message-----
From: raimee [mailto:raimee@sympatico.ca]
Sent: Thursday, June 01, 2000 8:56 PM
To: tomcat-user@jakarta.apache.org
Subject: Re: How to setup login based security?


> Christoph Kulla wrote:
>
> Hi,
>
> my webapplication starts with a form based user login. A database lookup
is
> made to check if there is a user account. When the login is successfull an
> user object is inserted in the current session data. All other servlets of
my
> webapp should check if these user object exists and if not redirect the
> request to the login form.
>
> My idea is to implement a check servlet (or a simple class) which
> checks every request to my webapp before the requested servlet is called.
> Is this possible with tomcat or is there any other way to secure my
webapp.
>
> Regards,

Hello,

How did you make out with the security login problem.
I have not been able to figure out exactly how to implement a security
servlet under Apache + Tomcat on an NT machine.

First I tried to use auth_mod (using htpasswd and the .htaccess
file)under
Apache to protect a single servlet context.  I was not able to do this.
There
is obviously more to this process that the configuration required for a
stand alone Apache,
and I haven't been able to get it.

I have followed this discussion thread on the mail list with the hope of
solving my problem; "How to set-up login based security."

My Tomcat install will be serving 5 or 6 related-applications using as
many contexts.
The session management will be centralized for ALL apps.; Users can
switch between
applications without having to login each time.  Thus having a wrapper
Security Servlet that dispatches requests to all contexts seams
suitable.

I would really like to see a small scale example.  I may already have
one and not know it's
there.

Any advise much appreciated.

- Raimee

--------------------------------------------------------------------------
To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
For additional commmands, email: tomcat-user-help@jakarta.apache.org


Mime
View raw message