RE: Username and Password

Wed, 06 Feb 2002 15:34:20 -0800 

Dear Joanne,

String username = request.getRemoteUser();

That does the trick for me.

As far as the password, this is what I do.

Protect a servlet or jsp(lets say /login) where you want to get the vital
information from within your web.xml. Since you have already used form-based
authorization...you know how to do this.

Lets say the servlet is /login, from within the post (because all processing
of form-based stuff is post) processing, you can do this:

             String username = request.getRemoteUser();
             String password = request.getParameter("j_password");

And then you can do stuff with this (for example, encrypt the password and
username, and create some authorization cookies).

After you do stuff, you can forward to other protected resources.

This is all assuming you already have a user.

If you want to programatically create a user, you use the roleManager
interface to do this (by using roleManager, you can change your usermanager
later without having to change any code).

RoleManager manager = (RoleManager)new
InitialContext().lookup("java:comp/RoleManager");

Principal principal = manager.createPrincipal(username,password,....)

you can also add principals to various roles with

manager.addToRole(principal,role);

or remove from role

manager.removeFromRole(principal,role);

You can even programatically log somebody in...

manager.login(username,password);

or even remove the user

manager.remove(principal);

Its really quite flexible. A little like JAAS, but easier to use.

Regards,

the elephantwalker
www.elephantwalker.com


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Christian,
Joanne
Sent: Wednesday, February 06, 2002 9:30 AM
To: Orion-Interest
Subject: Username and Password


HI All,

I'm new to J2EE and Orion. I have set up form-based authorization using
DataSourceUserManager. Super!

>From my initial jsp and/or servlet (not the login page), I would like to
access the username of the person who just logged in.

How can I do this?  I have tried to get attributes from the ServletContext
an the session. I have also tried various other things I'd rather not
mention . . .

So:
How can I access the values of j_username and j_password once the user has
been logged in?

Also, where and what is j_security_check?


Thanks,

Joanne

Reply via email to