tomcat-users mailing list archives

From "Michelle" <>
Subject Re: user authentication
Date Tue, 14 Nov 2000 20:03:15 GMT
Thanx much for the quick response ... may I inquire further please?

: For our system, we're managing it all through sessions.  When the person logs
: in, their login information is checked against a database object.  If it
: matches, they're logged in.  Otherwise, they're asked to provide a
: login, or bugger off.
: After they're logged in, there is a user object associated with their session
: (session.setAttribute( "user", user )).
: It is this user object that decides where they can access, and what they
: can access.

Can you explain this further please - how do you manage the
url-user-role matrix in your user object?  Further, how do you do a
check in a timely fashion for every protected area of your site?

I was thinking of developing some sort of all encompassing "white
pages" for everyone and every url.  When a user logs in, I could
grab all data for that user from the white pages and stuff that info
into the session.  From then on in, for every protected page access,
I could validate the URL against the session data and not hit the
database.  Database updates for new users and roles could be handled

In this scenario - I would roll my own system.

Thanx much - Michelle
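
The session-cached check proposed in this message, sketched as an added example that is not part of the original post or of Tomcat itself. The class name `SessionAcl`, the `"acl"` attribute name, the URL prefixes and the 15-minute maximum age are assumptions; the caller is assumed to pass the decoded request path (for instance `request.getServletPath()`).

```java
import java.util.*;

// Added example (hypothetical names): permissions loaded once at login, kept in the session.
public class SessionAcl implements java.io.Serializable {
    private final Set<String> allowedPrefixes = new HashSet<>();
    private final long loadedAtMillis;
    public SessionAcl(Collection<String> prefixesFromDb, long nowMillis) {
        for (String p : prefixesFromDb) {
            String n = normalize(p);
            if (n != null) allowedPrefixes.add(n);
        }
        loadedAtMillis = nowMillis;
    }

    // Default deny. Expects the already URL-decoded path of the request.
    // Matches on whole path segments so "/reports" does not cover "/reportsadmin".
    public boolean permits(String requestPath) {
        String path = normalize(requestPath);
        if (path == null) return false;
        for (String p : allowedPrefixes)
            if (path.equals(p) || path.startsWith(p + "/")) return true;
        return false;
    }
    // The snapshot does not see later role changes in the database, so the
    // caller reloads it (or ends the session) once it is older than maxAge.
    public boolean isStale(long nowMillis, long maxAgeMillis) {
        return nowMillis - loadedAtMillis > maxAgeMillis;
    }
    // Resolves "." and ".." before matching; rejects paths that climb above "/".
    static String normalize(String path) {
        if (path == null || !path.startsWith("/")) return null;
        Deque<String> out = new ArrayDeque<>();
        for (String seg : path.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (!seg.equals("..")) { out.addLast(seg); continue; }
            if (out.isEmpty()) return null;
            out.removeLast();
        }
        return "/" + String.join("/", out);
    }

    public static void main(String[] args) {
        // Constructed rows standing in for one user's entries in the "white pages" table.
        SessionAcl acl = new SessionAcl(Arrays.asList("/reports", "/orders/view"), 0L);
        for (String p : new String[] {"/reports/q3.jsp", "/reportsadmin", "/reports/../admin/users.jsp"})
            System.out.println(p + " -> " + acl.permits(p));
        System.out.println("stale after 20 min: " + acl.isStale(20 * 60_000L, 15 * 60_000L));
    }
}
```

At login the application would store the object with `session.setAttribute("acl", acl)` and consult `permits` on each protected request, falling back to the database only when `isStale` returns true.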
