tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lior Shliechkorn <>
Subject Container Security and Resource Access
Date Thu, 19 Jun 2003 01:10:51 GMT
My question is regarding using Tomcat (4.1.18) container security, with using a JDBCRealm
along with a security constraint for FORM type loggin in. Ok, before I start confusing myself
and you, let me be more clear.
I'm using Tomcat with win2k pro, and currently the system is running with no problems, except
that I've "hotwired" the secuity mechanism using a servlet to check if a user in on the database
in order to allow access along with some filters to check whether the session variables are
still alive, and if not then the user is forwarded to a page in order to log in again.
My question now is if I use the JDBCRealm and the form login, how does that change the way
users log in and access resources? I've noticed that in order for Tomcat to load the login.jsp
page a user must try to access a jsp resource (I'm not sure if it works the same with HTML
pages). And this works for any type of resource. The way I have the app setup right now is
that if a user is logged in then he is rerouted, by a servlet to the apporpriate page (by
the access level). If the session is dead, and the user is still in the app then a filter
forwards the user to a "relogin" page.
What will I have to do in order for the j_secuity_check to get access to the user login servlet
so that the users can still be taken to the appropriate page once they logged in? Also, if
the session dies, does the filter forward the user to the relogin page or does the user get
forwarded to the login.jsp page as specified by the &lt;security-constraint&gt;? I'm
just not sure about how the requests are processed once I add the container security and how
much will the way the user sessions are handled right now will change.
I thank you for your help and the time you took to read this message. I couldn't not explain
it better shorter unfortunately =).

Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message