tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Propes, Barry L " <>
Subject RE: a question about user athentication
Date Thu, 05 Jul 2007 19:22:21 GMT
to "prevent the other users to be signed on?"

Do you mean prevent from locking them out?

I've got a similar deal in my db with the users table, a column called user_dbflag, which,
like your status column, uses a simple int value of -1 or 0 to see who's "active." Actually,
it also has a timestamp column to verify who has changed their password and when they change
it the dbflag column value changes from -1 to 0.

In one of my SQL statements, I have the condition to allow the user to see (and submit/enact
on) the JSP in question.
If they're allowed, they can see the whole thing. If not, Tomcat will throw a 500 (specifically
Exhausted ResultSet) error.
In that case, I catch the exception and notify the user by printing to the browser a message
telling them their user role does not properly match or their password has been "deactivated."
In reality, the user account or password is never deleted from the db table.

Let me know if you need more info on this.

-----Original Message-----
From: is_maximum []
Sent: Monday, July 02, 2007 1:46 AM
Subject: a question about user athentication

Hi experts

I am using Tomcat 5.5 and struts framework and security filter
in order to authenticate users like the others I am using j_security_check
but my problem is that I have a field in my user table namely status which
represent whether the user is available or deleted by administrator

the problem is even if it is deleted the tomcat will authenticate and let
that user to sign in, how can I put a condition like "where status = 0" to
prevent the other users to be signed in?

in secirity filter we only specify field names of the table as follows:

<realm-param name="userNameCol" value="userName" />
<realm-param name="userCredCol" value="password" />

any comment would be of a great help

View this message in context:
Sent from the Tomcat - User mailing list archive at

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message