tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: a question about user athentication
Date Mon, 02 Jul 2007 09:55:27 GMT
is_maximum wrote:
> Hi experts
> I am using Tomcat 5.5 and struts framework and security filter
> in order to authenticate users like the others I am using j_security_check
> action 
> but my problem is that I have a field in my user table namely status which
> represent whether the user is available or deleted by administrator
> the problem is even if it is deleted the tomcat will authenticate and let
> that user to sign in, how can I put a condition like "where status = 0" to
> prevent the other users to be signed in?
> in secirity filter we only specify field names of the table as follows:
> <realm-param name="userNameCol" value="userName" />
> <realm-param name="userCredCol" value="password" />

Have a look at JDBCRealm (or DatasourceRealm) in the Tomcat Source.
You could alter the SQL statement for password or username so it fails 
when '... status = 0'.

Upload a jar with your new realm in it to server/lib and configure the 
realm as a replacement for the one in your server.xml.


> any comment would be of a great help
> thanks

View raw message