Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: tomcat-user@jakarta.apache.org
Message-ID: 
 <BFA473DC742E994697067EB1B865D525029DDB@eipmailsvr.erunway.atc.dns>
From: "Rajehswar V. Rao" <rajeshwarraov@erunway.com>
To: "'tomcat-user@jakarta.apache.org'" <tomcat-user@jakarta.apache.org>
Subject: RE: User login logging (JDBC authentication)
Date: Thu, 5 Jul 2001 19:02:45 +0530 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"

Hi randy,
I would appreciate  your patience...
I am coming from first...
This is my prblem....
I have 10 JSPs under myCon/jsp folder in Tomcat..
One of them is Login.jsp...which does authentication of user...
i check the username and password against data which lies in SQLServer
7.0...
Once the user is authenticated only...I want to give access to remaining
JSPs..
But he/she should not access any JSP unless authenticated by Login.jsp...
This is my problem...
what is your best possible solution....
Is it anyway related to Java or Tomcat security?
If yes, how can i achieve it?
Or is there any other way around to achieve it...

Thanks for listening...
-raj-


-----Original Message-----
From: Randy Layman [mailto:randy.layman@aswethink.com]
Sent: Thursday, July 05, 2001 6:18 PM
To: tomcat-user@jakarta.apache.org
Subject: RE: User login logging (JDBC authentication)


	From IIS you can only set the access to Tomcat as a whole, not
individually.  Tomcat controls access to the individual resources (IIS
doesn't know what they are).

	You can view (and modify) the username and password in the session,
I think the session field names are j_security_username and
j_security_password, but don't remember right now - you can get a session
object back for a secured user and then iterate over the fields.

	Randy

> -----Original Message-----
> From: Rajehswar V. Rao [mailto:rajeshwarraov@erunway.com]
> Sent: Thursday, July 05, 2001 9:11 AM
> To: 'tomcat-user@jakarta.apache.org'
> Subject: RE: User login logging (JDBC authentication)
> 
> 
> Hi Randy and all,
> if that is the case where can i set username and password....
> And one more thing, i am using tomcat with IIS ...can i restrict
> resources(JSPs and Servlets) on 
> tomcat from IIS...
> Any help would be appreciated....
> -raj-
> 
> -----Original Message-----
> From: Randy Layman [mailto:randy.layman@aswethink.com]
> Sent: Thursday, July 05, 2001 5:32 PM
> To: tomcat-user@jakarta.apache.org
> Subject: RE: User login logging (JDBC authentication)
> 
> 
> 
> 	What is happening is that Tomcat is using the user's credentials
> (username/password) in the Session to authenticate.  If they 
> are not there
> or invalid, then the user is prompted to log in again.
> 
> 	Randy
> 
> > -----Original Message-----
> > From: Mark Muffett [mailto:markm@its-axiom.com]
> > Sent: Thursday, July 05, 2001 8:33 AM
> > To: tomcat-user@jakarta.apache.org
> > Subject: Re: User login logging (JDBC authentication)
> > 
> > 
> > Raj and all
> > 
> > I've managed to make the changes (very easy), but of course 
> > it doesn't work
> > exactly as I wanted it.... (isn't life always like that...)
> > 
> > I've got a database which is filling up fast since a new log 
> > gets written to
> > it every time a user accesses a new page (probably about 100 
> > times each
> > session).
> > 
> > Tomcat clearly knows what a session is (since it doesn't ask 
> > the user to log
> > in again for each page) - any idea where it does this?
> > 
> > Thanks for any help.
> > 
> > Mark
> > 
> > ----- Original Message -----
> > From: "Rajehswar V. Rao" <rajeshwarraov@erunway.com>
> > To: <tomcat-user@jakarta.apache.org>
> > Sent: Thursday, July 05, 2001 12:21 PM
> > Subject: RE: User login logging (JDBC authentication)
> > 
> > 
> > > Hi Mark and all,
> > > I think my situation is also almost same....
> > > I have set of JSPs under my \myContext\jsp...
> > > I dont want to give access to the users to these JSPs once 
> > they have been
> > > authnticated...
> > > One of the JSPs authenticate the user....
> > > please do help...
> > > -raj-
> > >
> > > -----Original Message-----
> > > From: Mark Muffett [mailto:markm@its-axiom.com]
> > > Sent: Wednesday, July 04, 2001 1:59 PM
> > > To: tomcat-user@jakarta.apache.org
> > > Subject: Re: User login logging (JDBC authentication)
> > >
> > >
> > > Sorry! - found it now (in tomcat_modules.jar).
> > >
> > > Mark
> > >
> > > ----- Original Message -----
> > > From: "Mark Muffett" <markm@its-axiom.com>
> > > To: <tomcat-user@jakarta.apache.org>; "Antony Bowesman" 
> > <adb@teamware.com>
> > > Sent: Wednesday, July 04, 2001 8:37 AM
> > > Subject: Re: User login logging (JDBC authentication)
> > >
> > >
> > > > Antony
> > > >
> > > > Many thanks for the suggestion, but where can I find this 
> > - I've looked
> > > > through the jar files in the common and container directories of
> > > > $TOMCAT_HOME/lib, but nothing stands out.  Maybe I've missed it?
> > > >
> > > > Any help appreciated.
> > > >
> > > > Thanks
> > > >
> > > > Mark
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Antony Bowesman" <adb@teamware.com>
> > > > To: <tomcat-user@jakarta.apache.org>
> > > > Sent: Thursday, June 28, 2001 4:58 PM
> > > > Subject: Re: User login logging (JDBC authentication)
> > > >
> > > >
> > > > > Mark Muffett wrote:
> > > > > >
> > > > > > Any ideas how best to log succesful (or unsuccesful) 
> > logins via
> > > > > > JDBC authentication.  The big problem is that the 
> > user may have
> > > > > > bookmarked any one of a number of protected pages, 
> > and it isn't
> > > > > > practical to put code on each of them.
> > > > >
> > > > > Just change the JDBC realm authenticate() method to log 
> > the result of
> > > > > the authentication.
> > > > >
> > > > > Antony
> > > > >
> > > >
> > >
> > 
>