tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andres Ledesma <le...@telefonica.net>
Subject Re: restricting access to jsp pages
Date Thu, 15 Jan 2004 16:40:45 GMT

> I thought about that... and I would like to set up a role in
> tomcat-users to accomplish that.  However, I don't want the user to have
> to log in, rather I want to have my "guard" servlet authenticate the
> user and then forward the request with the role filled in
> programmatically.  However, I can't find in the docs how Tomcat knows
> whether the user has logged in yet, so I can't programmatically fill in
> the user name.
>
> Can someone direct me to the documentation (or source code) that looks
> for the user/role?
>

Well, the servlet can set attributes on the user's session and latter you can 
check whether this attributes have been set, you can even know whether it's a 
new session or an older one. 

There is a book 'moreservlets ans jsp' thar explains it very well, but is a 
sage of 'core servlets and jsp', that is entirely in 'www.moreservlets.com'.
Any way, I send you a snippet of code where I verify and set something in the 
session ....

  /** Processes requests for both HTTP <code>GET</code> and <code>POST</code>

methods.
     * @param request servlet request
     * @param response servlet response
     */
    protected void processRequest(HttpServletRequest request, 
HttpServletResponse response)
    throws ServletException, IOException {
    
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        HttpSession session = request.getSession(true);

        try{
            aUser usr = new aUser();

            if( usr.IsAValidUser(username, password) ) 
            {
                
                UserSession user = (UserSession)session.getAttribute("user");
                if ( user == null)
                {
                    user = new UserSession();                
                    user.setIsLogged(true);
                    user.setIsClient(true);

                    session.setAttribute("user", user);
                    
                }
                else
                {
                    user.setIsLogged(true);
                    user.setIsClient(true);
                }
                
                
            }
            
        }
        catch(Exception e)
        {
 		........;
        }
        
	..........  ;

    }

Hope this help ....

Andrew


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message