Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 37945 invoked from network); 5 Jul 2007 19:23:38 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 5 Jul 2007 19:23:19 -0000 Received: (qmail 83625 invoked by uid 500); 5 Jul 2007 19:21:09 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 83555 invoked by uid 500); 5 Jul 2007 19:21:09 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 83538 invoked by uid 99); 5 Jul 2007 19:21:09 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jul 2007 12:21:09 -0700 X-ASF-Spam-Status: No, hits=0.3 required=10.0 tests=MAILTO_TO_SPAM_ADDR,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of barry.l.propes@citigroup.com designates 192.193.221.104 as permitted sender) Received: from [192.193.221.104] (HELO mail.citigroup.com) (192.193.221.104) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jul 2007 12:21:01 -0700 Received: from imbarc-nj01.nj.ssmb.com (imbarc-nj01.nj.ssmb.com [150.110.115.169]) by imbaspam-ss02.namdmz.dmzroot.net (8.13.8/8.13.8/SSMB_EXT/ev: 16778 $) with ESMTP id l65JKb8j028305 for ; Thu, 5 Jul 2007 19:20:40 GMT Received: from mailhub-nj04-1.nj.ssmb.com (mailhub-nj04-2.nj.ssmb.com [150.110.236.237]) by imbarc-nj01.nj.ssmb.com (8.13.7/8.13.7/SSMB_QQQ_IN/1.1) with ESMTP id l65JKWN8006935 for ; Thu, 5 Jul 2007 19:20:32 GMT Received: from exnjsm03.nam.nsroot.net (exnjsm03.nam.nsroot.net [150.110.188.175]) by mailhub-nj04-1.nj.ssmb.com (8.13.7/8.13.7/CG_HUB) with ESMTP id l65JKWYT023436 for ; Thu, 5 Jul 2007 19:20:32 GMT Received: from exnjmb23.nam.nsroot.net ([169.193.40.18]) by exnjsm03.nam.nsroot.net with Microsoft SMTPSVC(5.0.2195.6713); Thu, 5 Jul 2007 15:20:32 -0400 X-MimeOLE: Produced By Microsoft Exchange V6.0.6619.12 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: a question about user athentication Date: Thu, 5 Jul 2007 15:22:21 -0400 Message-ID: <3A55348B50FD2A40AAA40ABA16C6B6D60B70C830@EXNJMB23.nam.nsroot.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: a question about user athentication Thread-Index: Ace8dMhmOpRx6EalQLycDTmE6JNsHACxA+EA From: "Propes, Barry L " To: "Tomcat Users List" X-OriginalArrivalTime: 05 Jul 2007 19:20:32.0369 (UTC) FILETIME=[8E3C0E10:01C7BF39] X-Scanned-By: MIMEDefang 2.52 on 169.175.16.181 X-Virus-Checked: Checked by ClamAV on apache.org to "prevent the other users to be signed on?" Do you mean prevent from locking them out? I've got a similar deal in my db with the users table, a column called = user_dbflag, which, like your status column, uses a simple int value of = -1 or 0 to see who's "active." Actually, it also has a timestamp column = to verify who has changed their password and when they change it the = dbflag column value changes from -1 to 0. In one of my SQL statements, I have the condition to allow the user to = see (and submit/enact on) the JSP in question. If they're allowed, they can see the whole thing. If not, Tomcat will = throw a 500 (specifically Exhausted ResultSet) error. In that case, I catch the exception and notify the user by printing to = the browser a message telling them their user role does not properly = match or their password has been "deactivated." In reality, the user = account or password is never deleted from the db table. Let me know if you need more info on this. -----Original Message----- From: is_maximum [mailto:mnrz57@gmail.com] Sent: Monday, July 02, 2007 1:46 AM To: users@tomcat.apache.org Subject: a question about user athentication Hi experts I am using Tomcat 5.5 and struts framework and security filter in order to authenticate users like the others I am using = j_security_check action=20 but my problem is that I have a field in my user table namely status = which represent whether the user is available or deleted by administrator the problem is even if it is deleted the tomcat will authenticate and = let that user to sign in, how can I put a condition like "where status =3D = 0" to prevent the other users to be signed in? in secirity filter we only specify field names of the table as follows: any comment would be of a great help thanks --=20 View this message in context: = http://www.nabble.com/a-question-about-user-athentication-tf4010274.html#= a11388743 Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org