tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andres Ledesma <>
Subject Re: restricting access to jsp pages
Date Thu, 15 Jan 2004 16:40:45 GMT

> I thought about that... and I would like to set up a role in
> tomcat-users to accomplish that.  However, I don't want the user to have
> to log in, rather I want to have my "guard" servlet authenticate the
> user and then forward the request with the role filled in
> programmatically.  However, I can't find in the docs how Tomcat knows
> whether the user has logged in yet, so I can't programmatically fill in
> the user name.
> Can someone direct me to the documentation (or source code) that looks
> for the user/role?

Well, the servlet can set attributes on the user's session and latter you can 
check whether this attributes have been set, you can even know whether it's a 
new session or an older one. 

There is a book 'moreservlets ans jsp' thar explains it very well, but is a 
sage of 'core servlets and jsp', that is entirely in ''.
Any way, I send you a snippet of code where I verify and set something in the 
session ....

  /** Processes requests for both HTTP <code>GET</code> and <code>POST</code>

     * @param request servlet request
     * @param response servlet response
    protected void processRequest(HttpServletRequest request, 
HttpServletResponse response)
    throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        HttpSession session = request.getSession(true);

            aUser usr = new aUser();

            if( usr.IsAValidUser(username, password) ) 
                UserSession user = (UserSession)session.getAttribute("user");
                if ( user == null)
                    user = new UserSession();                

                    session.setAttribute("user", user);
        catch(Exception e)
	..........  ;


Hope this help ....


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message