tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From João Folha <joao.fo...@lis2.siemens.pt>
Subject Re: How can i create a login application
Date Mon, 26 Mar 2001 16:32:00 GMT
thanks for your answer, but i don´t received the attachment. Could you
resend it to me?

----- Original Message -----
From: "Bryant, William" <mbryant@c-cor.net>
To: <tomcat-user@jakarta.apache.org>
Sent: Monday, March 26, 2001 4:47 PM
Subject: RE: How can i create a login application



I have a similar requirement in the app we are writing...

It may not be the best solution to the problem, but here's what I did:

I created a 'login page' in which the user enters their username/password.
The action of this login form is a servlet that authenticates the
username/pass against a database. If the user is found in the database and
the correct password was given, then a login data object is created and
placed in the user's session.  This login data object is really just a
simple data class with some user info (name, userid, etc.), along with a
hashtable containing some table-driven permissions for that user's group.
This login data object also implements the HttpSessionBindingListener
interface so I know when the session times out (and can automatically log
the user out of the system).

Then, I created a simple login verification JSP.  This jsp simply checks for
the existence of the login data object, and if found, does nothing.  If,
however, the object is not found in the session, I know the user is not
logged in and issue a 'response.sendRedirect("index.jsp")' method to send
the user to the login page.

Finally, for each JSP in the system that the user must be logged in to view,
I use an include directive '<%@ include file="loginVerify.jsp" %>' at the
top of the file.  When a user requests this jsp file, the included jsp
(login verify) is fired off and checks to see if they are logged in, and if
not, redirects the user to the login page.

Hope that helps.

If you wanna see some code, let me know...


... Mike



-----Original Message-----
From: Paul Kofon [mailto:pkofon@hotmail.com]
Sent: Monday, March 26, 2001 10:29 AM
To: tomcat-user@jakarta.apache.org
Subject: Re: How can i create a login application


HI,
I'm sure there are a number of ways to do this. I have a method I use (which

might not be the simplest solution). Usually, my protected page is a jsp.
Now, to get to this jsp, you enter your username and password. When you hit
the submit button, the request is sent to a servlet that checks the database

and authenticates user. If the user is listed, the servlet directs the
request to the protected jsp. The tricky part is writing code in your jsp
(now this isn't generally advised, but I do it when it is absolutely
necessary) to check to make sure that the request came from the servlet! If
it did then the rest of jsp would be loaded otherwise, an error page would
be produced.
I'm sorry I can't give you any code samples right now but that's the general

idea. If you're familiar with JSPs, servlets and JDBC, you should get the
hang of it. Good luck!

Regards,

Paul


>From: João Folha <joao.folha@lis2.siemens.pt>
>Reply-To: tomcat-user@jakarta.apache.org
>To: <tomcat-user@jakarta.apache.org>
>Subject: How can i create a login application
>Date: Mon, 26 Mar 2001 15:09:44 +0100
>
>Hi there.
>
>I am trying to develop a web application, where for some url the users
>will need to login.
>In this process the users and passwords are in a ms access database.
>This application will be use in an intranet.
>Some one can advise me, ou give me some example?

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.




Mime
View raw message