tomcat-users mailing list archives

From "Mike Curwen" <gb_...@gb-im.com>
Subject RE: How to make Tomcat reread user's role from database
Date Thu, 10 Jul 2003 14:01:06 GMT
That's one way of doing it, but what if you want to use
container-provided auth, and methods like 
isUserInRole
getUserPrincipal
etc....

And Rick, this relates to your other question about FORM AUTH and
session timeout.  I'm fairly certain that if you expire your session,
then you are no longer authenticated.  For sure it works that way with
BASIC.  Have you tried already, and you know it doesn't work the same
for FORM?
 
If it works as expected, then (Michael M) what you might consider is, on
the servlet that 'upgrades' the user from trial to 'not trial', to
invalidate the session and redirect to a protected page. This would
make the container authenticate the user again, meaning the user would
need to log in again, but at least they would be kicked out of their old
role.


> -----Original Message-----
> From: Rick Roberts [mailto:techinfo@ait-web.com] 
> Sent: Thursday, July 10, 2003 9:00 AM
> To: Tomcat Users List
> Subject: Re: How to make Tomcat reread user's role from database
> 
> 
> Assuming I understand your problem:
> 
> You may want to try populating a session object from the database and then
> update that session object when the user changes his role info.  Then use the
> session object to make decisions, rather than need to re-read the database
> each time.
> 
> 
> Michael Mattox wrote:
> > My website uses a subscription based service, and we're using WorldPay
> > (similar to PayPal I believe) to handle the credit card billing.  I've
> > defined roles for each of the subscription levels:
> > 
> > trial
> > trial_expired
> > bronze
> > silver
> > gold
> > 
> > The problem is when a trial user registers, they become
> > bronze/silver/gold but until they logout and log back in, Tomcat
> > thinks they're in the old role.  Is it possible to make Tomcat reread
> > the user's role from the database?  If not, is there a way to log the
> > user out so they'll have to log back in again?  I'm curious how others
> > are handling this, it seems like it'd be a common problem.
> > 
> > Thanks,
> > Michael
> > 
> > 
> > 
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > 
> 
> -- 
> *******************************************
> * Rick Roberts                            *
> * Advanced Information Technologies, Inc. *
> *******************************************
> 
> 
> 
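The approach suggested in the reply above (invalidate the session, then redirect to a protected page so the container authenticates again), as an added example that is not code from this thread or from Tomcat. The class name `RoleRefreshServlet` and the path `/members/home` are assumptions, the servlet assumes the application has already changed the user's role in the database, and it needs the Servlet API (`javax.servlet`) on the classpath.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Hypothetical servlet the application forwards to after it has updated the
 * user's role (for example trial -> bronze) in the database the Realm reads.
 */
public class RoleRefreshServlet extends HttpServlet {

    // Assumed path of a page covered by a <security-constraint> in web.xml.
    private static final String PROTECTED_PAGE = "/members/home";

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Only act for a caller the container has already authenticated.
        if (req.getUserPrincipal() == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String user = req.getRemoteUser();

        // getSession(false) avoids creating a session just to destroy it.
        HttpSession session = req.getSession(false);
        if (session != null) {
            // Ends the login tied to this session, so the old role is no
            // longer what isUserInRole() answers from on later requests.
            session.invalidate();
            log("Session invalidated after role change for user " + user);
        }

        // The redirect target is a fixed, server-side constant (never taken
        // from a request parameter), so this cannot be used as an open redirect.
        // Requesting a protected page makes the container authenticate the
        // user again, at which point the roles are looked up afresh.
        resp.setHeader("Cache-Control", "no-store");
        resp.sendRedirect(req.getContextPath() + PROTECTED_PAGE);
    }
}
```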

