--
All,
I've read the FAQ-O-Matic about accessing environment variables within a
servlet run by JServ, however I'm not getting *all* the variables I'm
looking for. I've (also with the help of the F-O-M) figured-out how to
have a standard HTTP authentication window open when a user accesses my
servlets directly. Creating a servlet that shows the environment as
well as the JVM properties, I've concluded that JServ isn't passed the
authentication (or other Web server) variables, such as REMOTE_USER,
etc.
I've writing some servlets that will interact with like 30,000 users. I
want there to be four classes of users, i.e. users, administrators,
managers, and cashiers. In order to tell one type of user apart from
the other, I want to have the four groups have usernames associated with
it (or, actually, by default everyone would be in the "user" group, and
then just manage the other three). To know just what the user who just
logged-in can do and can't do, I'd like the servlet to query the
database to see if the user is an admin or cashier or just a plain
user. I've not found any way of finding-out who the user is that just
authenticated using JServ, though.
Two solutions to my own problem would be:
1. Create separate servlet zones with separate HTPASSWD files and have
only the relevent users listed in the given servlet zone's
configuration.
2. Have the user authenticate via a Web form (rather than the standard
HTTP authentication) and have a servlet check the HTPASSWD file
manually, and then pass the appropriate username and group information
around.
The first solution seems okay, if a little kludgy. It also means a
larger code base to take care of and slightly increased administration
overhead due to the four HTPASSWD files. The second solves the problems
of the first but introduces the need to check passwords using something
akin to the UNIX Crypt libraries, something not only do I know nothing
about, but know even less about in Java (even if someone has already
implemented Crypt in Java).
What I'm looking for is either a way to access the REMOTE_USER and other
such environment variables from within a servlet (I understand it makes
things a little platform and Web server dependant) or another solution
as to how I might authenticate a user and then be able to know within
the servlet which username I'm working with.
Thanks for any suggestions!
-Fred Whipple
Syracuse University
PS - Source code to my servlet which shows first the Web server
environment variables and then the JVM system properties is available
upon request :-)
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
READ THE FAQ!!!! <http://java.apache.org/faq/>
Archives and Other: <http://java.apache.org/main/mail.html/>
Problems?: [EMAIL PROTECTED]
