tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Layman <randy.lay...@aswethink.com>
Subject RE: User login logging (JDBC authentication)
Date Thu, 05 Jul 2001 13:11:30 GMT

	You can use the Realms security infrastructure of Tomcat to achieve
what you are trying to do - you will need to modify your web.xml file, but
its pretty easy.

	http://jakarta.apache.org/cvsweb/index.cgi/jakarta-tomcat/src/doc/
is the documentation for Tomcat in the CVS repository.  A quick glance there
shows a howto for the JDBCRealm (authenticating against a database).

	Randy

> -----Original Message-----
> From: Rajehswar V. Rao [mailto:rajeshwarraov@erunway.com]
> Sent: Thursday, July 05, 2001 9:33 AM
> To: 'tomcat-user@jakarta.apache.org'
> Subject: RE: User login logging (JDBC authentication)
> 
> 
> Hi randy,
> I would appreciate  your patience...
> I am coming from first...
> This is my prblem....
> I have 10 JSPs under myCon/jsp folder in Tomcat..
> One of them is Login.jsp...which does authentication of user...
> i check the username and password against data which lies in SQLServer
> 7.0...
> Once the user is authenticated only...I want to give access 
> to remaining
> JSPs..
> But he/she should not access any JSP unless authenticated by 
> Login.jsp...
> This is my problem...
> what is your best possible solution....
> Is it anyway related to Java or Tomcat security?
> If yes, how can i achieve it?
> Or is there any other way around to achieve it...
> 
> Thanks for listening...
> -raj-
> 
> 
> -----Original Message-----
> From: Randy Layman [mailto:randy.layman@aswethink.com]
> Sent: Thursday, July 05, 2001 6:18 PM
> To: tomcat-user@jakarta.apache.org
> Subject: RE: User login logging (JDBC authentication)
> 
> 
> 
> 	From IIS you can only set the access to Tomcat as a whole, not
> individually.  Tomcat controls access to the individual resources (IIS
> doesn't know what they are).
> 
> 	You can view (and modify) the username and password in 
> the session,
> I think the session field names are j_security_username and
> j_security_password, but don't remember right now - you can 
> get a session
> object back for a secured user and then iterate over the fields.
> 
> 	Randy
> 
> > -----Original Message-----
> > From: Rajehswar V. Rao [mailto:rajeshwarraov@erunway.com]
> > Sent: Thursday, July 05, 2001 9:11 AM
> > To: 'tomcat-user@jakarta.apache.org'
> > Subject: RE: User login logging (JDBC authentication)
> > 
> > 
> > Hi Randy and all,
> > if that is the case where can i set username and password....
> > And one more thing, i am using tomcat with IIS ...can i restrict
> > resources(JSPs and Servlets) on 
> > tomcat from IIS...
> > Any help would be appreciated....
> > -raj-
> > 
> > -----Original Message-----
> > From: Randy Layman [mailto:randy.layman@aswethink.com]
> > Sent: Thursday, July 05, 2001 5:32 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: RE: User login logging (JDBC authentication)
> > 
> > 
> > 
> > 	What is happening is that Tomcat is using the user's credentials
> > (username/password) in the Session to authenticate.  If they 
> > are not there
> > or invalid, then the user is prompted to log in again.
> > 
> > 	Randy
> > 
> > > -----Original Message-----
> > > From: Mark Muffett [mailto:markm@its-axiom.com]
> > > Sent: Thursday, July 05, 2001 8:33 AM
> > > To: tomcat-user@jakarta.apache.org
> > > Subject: Re: User login logging (JDBC authentication)
> > > 
> > > 
> > > Raj and all
> > > 
> > > I've managed to make the changes (very easy), but of course 
> > > it doesn't work
> > > exactly as I wanted it.... (isn't life always like that...)
> > > 
> > > I've got a database which is filling up fast since a new log 
> > > gets written to
> > > it every time a user accesses a new page (probably about 100 
> > > times each
> > > session).
> > > 
> > > Tomcat clearly knows what a session is (since it doesn't ask 
> > > the user to log
> > > in again for each page) - any idea where it does this?
> > > 
> > > Thanks for any help.
> > > 
> > > Mark
> > > 
> > > ----- Original Message -----
> > > From: "Rajehswar V. Rao" <rajeshwarraov@erunway.com>
> > > To: <tomcat-user@jakarta.apache.org>
> > > Sent: Thursday, July 05, 2001 12:21 PM
> > > Subject: RE: User login logging (JDBC authentication)
> > > 
> > > 
> > > > Hi Mark and all,
> > > > I think my situation is also almost same....
> > > > I have set of JSPs under my \myContext\jsp...
> > > > I dont want to give access to the users to these JSPs once 
> > > they have been
> > > > authnticated...
> > > > One of the JSPs authenticate the user....
> > > > please do help...
> > > > -raj-
> > > >
> > > > -----Original Message-----
> > > > From: Mark Muffett [mailto:markm@its-axiom.com]
> > > > Sent: Wednesday, July 04, 2001 1:59 PM
> > > > To: tomcat-user@jakarta.apache.org
> > > > Subject: Re: User login logging (JDBC authentication)
> > > >
> > > >
> > > > Sorry! - found it now (in tomcat_modules.jar).
> > > >
> > > > Mark
> > > >
> > > > ----- Original Message -----
> > > > From: "Mark Muffett" <markm@its-axiom.com>
> > > > To: <tomcat-user@jakarta.apache.org>; "Antony Bowesman" 
> > > <adb@teamware.com>
> > > > Sent: Wednesday, July 04, 2001 8:37 AM
> > > > Subject: Re: User login logging (JDBC authentication)
> > > >
> > > >
> > > > > Antony
> > > > >
> > > > > Many thanks for the suggestion, but where can I find this 
> > > - I've looked
> > > > > through the jar files in the common and container 
> directories of
> > > > > $TOMCAT_HOME/lib, but nothing stands out.  Maybe I've 
> missed it?
> > > > >
> > > > > Any help appreciated.
> > > > >
> > > > > Thanks
> > > > >
> > > > > Mark
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Antony Bowesman" <adb@teamware.com>
> > > > > To: <tomcat-user@jakarta.apache.org>
> > > > > Sent: Thursday, June 28, 2001 4:58 PM
> > > > > Subject: Re: User login logging (JDBC authentication)
> > > > >
> > > > >
> > > > > > Mark Muffett wrote:
> > > > > > >
> > > > > > > Any ideas how best to log succesful (or unsuccesful) 
> > > logins via
> > > > > > > JDBC authentication.  The big problem is that the 
> > > user may have
> > > > > > > bookmarked any one of a number of protected pages, 
> > > and it isn't
> > > > > > > practical to put code on each of them.
> > > > > >
> > > > > > Just change the JDBC realm authenticate() method to log 
> > > the result of
> > > > > > the authentication.
> > > > > >
> > > > > > Antony
> > > > > >
> > > > >
> > > >
> > > 
> > 
> 

Mime
View raw message