tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Reto Badertscher" ...@i-netsystems.com>
Subject AW: User login logging (JDBC authentication)
Date Fri, 06 Jul 2001 07:19:32 GMT
Hi,

yeah this is more or less OK.
For my application i have a servlet acting as a controller (like a portal) -
all functions are accessed thru the controller, which dispatches the request
to the correct JSP (in your case), for my part i'm using Velocity and
templates.
This controller servlet initializes
- initialize the user session
- the logging system
- messages
- Database pools
- The events the application can handle

For every request to a protected resource (JSP), the controller checks if
the user is identified. If not, the request is dispatched to the login
event. After a successfull login, the login event redirects to the protected
resources (which was saved from the controller before redirecting to the
login JSP.

I'm using a login object in the session context which knows about
- the username
- the language
- preferences
- .....

Hope this helps

Reto
-----Urspr√ľngliche Nachricht-----
Von: Rajehswar V. Rao [mailto:rajeshwarraov@erunway.com]
Gesendet: Freitag, 6. Juli 2001 07:20
An: 'tomcat-user@jakarta.apache.org'
Betreff: RE: User login logging (JDBC authentication)


Hi Reto,
Could you please explain it more clearly....
And from your words i got one idea...
please tell me whether it is right way or not...
when ever a user access any JSP or Servlet other that LoginServlet(which is
controller servlet)..
I will check the session for some username ....
if it is null then i redirect the request Login.jsp...
Before this i will create a session in LogonServlet and set the username in
the session whenever user is authenticated...

is this OK
-raj-
-----Original Message-----
From: Reto Badertscher [mailto:rb@i-netsystems.com]
Sent: Thursday, July 05, 2001 7:53 PM
To: tomcat-user@jakarta.apache.org
Subject: AW: User login logging (JDBC authentication)


Hello,

If you have a controller servlet it can check for authenticated user and if
a user is not logged in you can redirect to your login screen, and after a
successfull login, redirect back to the protected target.
For security reason (accessing a JSP directly without going thru the
controller servlet), every protected resource can check if a user is logged
in.

Reto

-----Urspr√ľngliche Nachricht-----
Von: Rajehswar V. Rao [mailto:rajeshwarraov@erunway.com]
Gesendet: Donnerstag, 5. Juli 2001 15:33
An: 'tomcat-user@jakarta.apache.org'
Betreff: RE: User login logging (JDBC authentication)


Hi randy,
I would appreciate  your patience...
I am coming from first...
This is my prblem....
I have 10 JSPs under myCon/jsp folder in Tomcat..
One of them is Login.jsp...which does authentication of user...
i check the username and password against data which lies in SQLServer
7.0...
Once the user is authenticated only...I want to give access to remaining
JSPs..
But he/she should not access any JSP unless authenticated by Login.jsp...
This is my problem...
what is your best possible solution....
Is it anyway related to Java or Tomcat security?
If yes, how can i achieve it?
Or is there any other way around to achieve it...

Thanks for listening...
-raj-


-----Original Message-----
From: Randy Layman [mailto:randy.layman@aswethink.com]
Sent: Thursday, July 05, 2001 6:18 PM
To: tomcat-user@jakarta.apache.org
Subject: RE: User login logging (JDBC authentication)



	From IIS you can only set the access to Tomcat as a whole, not
individually.  Tomcat controls access to the individual resources (IIS
doesn't know what they are).

	You can view (and modify) the username and password in the session,
I think the session field names are j_security_username and
j_security_password, but don't remember right now - you can get a session
object back for a secured user and then iterate over the fields.

	Randy

> -----Original Message-----
> From: Rajehswar V. Rao [mailto:rajeshwarraov@erunway.com]
> Sent: Thursday, July 05, 2001 9:11 AM
> To: 'tomcat-user@jakarta.apache.org'
> Subject: RE: User login logging (JDBC authentication)
>
>
> Hi Randy and all,
> if that is the case where can i set username and password....
> And one more thing, i am using tomcat with IIS ...can i restrict
> resources(JSPs and Servlets) on
> tomcat from IIS...
> Any help would be appreciated....
> -raj-
>
> -----Original Message-----
> From: Randy Layman [mailto:randy.layman@aswethink.com]
> Sent: Thursday, July 05, 2001 5:32 PM
> To: tomcat-user@jakarta.apache.org
> Subject: RE: User login logging (JDBC authentication)
>
>
>
> 	What is happening is that Tomcat is using the user's credentials
> (username/password) in the Session to authenticate.  If they
> are not there
> or invalid, then the user is prompted to log in again.
>
> 	Randy
>
> > -----Original Message-----
> > From: Mark Muffett [mailto:markm@its-axiom.com]
> > Sent: Thursday, July 05, 2001 8:33 AM
> > To: tomcat-user@jakarta.apache.org
> > Subject: Re: User login logging (JDBC authentication)
> >
> >
> > Raj and all
> >
> > I've managed to make the changes (very easy), but of course
> > it doesn't work
> > exactly as I wanted it.... (isn't life always like that...)
> >
> > I've got a database which is filling up fast since a new log
> > gets written to
> > it every time a user accesses a new page (probably about 100
> > times each
> > session).
> >
> > Tomcat clearly knows what a session is (since it doesn't ask
> > the user to log
> > in again for each page) - any idea where it does this?
> >
> > Thanks for any help.
> >
> > Mark
> >
> > ----- Original Message -----
> > From: "Rajehswar V. Rao" <rajeshwarraov@erunway.com>
> > To: <tomcat-user@jakarta.apache.org>
> > Sent: Thursday, July 05, 2001 12:21 PM
> > Subject: RE: User login logging (JDBC authentication)
> >
> >
> > > Hi Mark and all,
> > > I think my situation is also almost same....
> > > I have set of JSPs under my \myContext\jsp...
> > > I dont want to give access to the users to these JSPs once
> > they have been
> > > authnticated...
> > > One of the JSPs authenticate the user....
> > > please do help...
> > > -raj-
> > >
> > > -----Original Message-----
> > > From: Mark Muffett [mailto:markm@its-axiom.com]
> > > Sent: Wednesday, July 04, 2001 1:59 PM
> > > To: tomcat-user@jakarta.apache.org
> > > Subject: Re: User login logging (JDBC authentication)
> > >
> > >
> > > Sorry! - found it now (in tomcat_modules.jar).
> > >
> > > Mark
> > >
> > > ----- Original Message -----
> > > From: "Mark Muffett" <markm@its-axiom.com>
> > > To: <tomcat-user@jakarta.apache.org>; "Antony Bowesman"
> > <adb@teamware.com>
> > > Sent: Wednesday, July 04, 2001 8:37 AM
> > > Subject: Re: User login logging (JDBC authentication)
> > >
> > >
> > > > Antony
> > > >
> > > > Many thanks for the suggestion, but where can I find this
> > - I've looked
> > > > through the jar files in the common and container directories of
> > > > $TOMCAT_HOME/lib, but nothing stands out.  Maybe I've missed it?
> > > >
> > > > Any help appreciated.
> > > >
> > > > Thanks
> > > >
> > > > Mark
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Antony Bowesman" <adb@teamware.com>
> > > > To: <tomcat-user@jakarta.apache.org>
> > > > Sent: Thursday, June 28, 2001 4:58 PM
> > > > Subject: Re: User login logging (JDBC authentication)
> > > >
> > > >
> > > > > Mark Muffett wrote:
> > > > > >
> > > > > > Any ideas how best to log succesful (or unsuccesful)
> > logins via
> > > > > > JDBC authentication.  The big problem is that the
> > user may have
> > > > > > bookmarked any one of a number of protected pages,
> > and it isn't
> > > > > > practical to put code on each of them.
> > > > >
> > > > > Just change the JDBC realm authenticate() method to log
> > the result of
> > > > > the authentication.
> > > > >
> > > > > Antony
> > > > >
> > > >
> > >
> >
>


Mime
View raw message