RE: calling a config file from bean
I'm not sure if ResourceBundle is what you'll want. So here are a few more things to look at, just in case. java.util.Properties has a load method that can take in an InputStream javax.servlet.ServletContext has a getResouceAsStream method which will get you the properties file ( from web app context ) also, there is a way to setup a JSP inside of the web.xml file so that you can give it init parameters. you should look it up in the web.xml spec... fernando On Sun, 8 Jul 2001, Batsheva Raviv wrote: it is very helpful, Thank you, Batsheva -Original Message- From: Wyn Easton [mailto:[EMAIL PROTECTED]] Sent: Sunday, July 08, 2001 3:50 AM To: [EMAIL PROTECTED] Subject: Re: calling a config file from bean Look at ResourceBundle in the java docs. You can use the getBundle()method to load property files. The classpath is searched for the property file. So you can put the property file in you web apps. classes directory or in a jar file under lib. --- Batsheva Raviv [EMAIL PROTECTED] wrote: has anyone wrote a method to read a config file from a bean? how can I call a config file from the bean. if I use Servlet I can use the web.xml file, but I call a bean file from the jsp page. where should I put the config file? do I have to hard code the path to the config file. Thank you, Batsheva __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
RE: Accessing a packaged file
you want to take a look at the getServletContext().getResource* methods. These methods are implemented by the Servlet Container to allow the servlet to access resources where ever they happend to be.. either in a file, in a WAR file, in a database, however the container wants to maintain it fernando On Mon, 23 Apr 2001, Milt Epstein wrote: On Mon, 23 Apr 2001, Filip Hanik wrote: Thread.currentThread().getContextClassLoader().getResourceAsStream picks up files in your WEB-INF/classes or WEB-INF/lib inside of a jar or zip [ ... ] I have seen this this construct mentioned a few times here: Thread.currentThread().getContextClassLoader().getResourceAsStream() but is this any different from: getContext().getResourceAsStream() (similar for getResource(), of course). -Original Message- From: Jim Downing [mailto:[EMAIL PROTECTED]] Sent: Monday, April 23, 2001 9:09 AM To: [EMAIL PROTECTED] Subject: Accessing a packaged file Hi, I'm trying to get a servlet to access a text file that has been packaged with the servlet in a .war file. Is it possible to access the file without knowing it's absolute path when deployed, and if so how? jim Milt Epstein Research Programmer Software/Systems Development Group Computing and Communications Services Office (CCSO) University of Illinois at Urbana-Champaign (UIUC) [EMAIL PROTECTED]
Re: Fed up to the back teeth with tomcat !!!
Hmm, interesting.. I did have a similar issue with an Oracle driver a while back. Yes, the Debugging helped alot. So I was driven to doing a System.gc(); after and/or before every statement... :) I think discovered this, assuming that all of that io and String creation forced a gc... and it seems to work now :):) On Wed, 11 Apr 2001, Lyle H. Ward wrote: Since you are using SQL server, are you using ODBC? There is a bug in ODBC that stops the [web] service. It doesn't affect all installations. If this is what's happening, there is an awful work-around. Turn on ODBC tracing. It prevents the service from halting but creates a monster log file. At 08:11 PM 4/11/2001 +0100, you wrote: I am fed up to the back teeth with Tomcat under Apache. I'm trying to run a 24/7 web page servinbg around 20,000 .jsp pages a day and I'v ehad to reset the damn server 3 times today already. It keeps falling over with absolutly no error *** log messages at all. I am at my wits end, not to mention my poor users who have had to put up with this service for the past month. I am totaly lost now as to where to look for solutions So can someone please recomend a good webserver that will run .jsp and servlets pages and integrates well with a SQL server ? I used to run Java Webserver 2.0 would going back to that help ? Andy C Editor R2 Project http://www.r2-dvd.org (lets hopr you don't see a 500 internal error message.)
FORM Login help
hi. I am having issues with relative urls inside of the login-form page. I'm wondering what the expected behavior is, and if other expect tomcat to work differently.. below is an attempt at describing what's going on. The problem is that the base url changes depending on the resource that was requested when the log-in form is launched. The images are under the /myapp/images/* directory. The login page is under /myapp/login.jsp, and so the relative urls look like: "./images/image.jpg" So if I go to a resource at the same level as the login.jsp is works: http://localhost:8080/myapp/index.jsp but if I go to a resource at a different level the relative urls break: http://localhost:8080/myapp/SomeSubDir/index.html Tomcat puts a BASE HREF="http://localhost:8080/myapp/SomeSubDir/" at the top of the returned page.. And as far as the browser is concerned, it is looking at the requested resource ( http://localhost:8080/myapp/SomeSubDir/index.html ). so all relative urls are relative to the new resource directory.. not the real login.jsp resource directory...
Re: Question regarding the JSP include action versus the JSP includedirective
the include directive is at page translation, but it's the page source... in pseudo jsp :) A: HIgetDate() B: HIgetDate() C: include A jsp:include B C becomes: HIgetDate() requestdispatcher( B ).include() and that is what is executed.. thus both getDate() calls are made are request time.. fern On Thu, 8 Mar 2001, Paul J Deitel wrote: It is my understanding that the include directive is processed at page translation time and the jsp:include action is processed at request time. However, I seem to get the same functionality from both. I have a simple JSP that creates a java.util.Date object. I tried both forms of include expecting that the directive form would result in date and time at which the page was first translated and that the action form would provide the date and time of each request. Does tomcat 3.2.1 handle both include forms identically? Or am I doing something wrong? Thanks, Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Realm classes and ClassLoaders
I'm confused. I have Realm authentication set-up. I haven't heard about
the Authenticator API? Is that configurable from the server.xml as well??
fern
You would need to sublcass whichever authenticator class you are using
(such as
org.apache.catalina.authenticator.FormAuthenticator) and override the
authenticate()
method, something like this:
public boolean authenticate(HttpRequest request,
HttpResponse response, LoginConfig config) {
if (!super.authenticate(request, response, config))
return (false);
MyPrincipal principal =
(MyPrincipal) request.getUserPrincipal();
if (principal == null) {
// We are asking for the form login page
return (true);
} else {
// Copy the stuff we need into the session
HttpSession session =
((HttpServletRequest) request.getRequest).getSession();
session.setAttribute("userStatus", principal.getStatus());
...
return (true);
}
}
Note that the attributes you save need to be JDK classes like String,
because the
user classes you store in the server directory are not visible to web
apps.
thank you :):):)
fern
Craig McClanahan
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
Re: Realm classes and ClassLoaders
On Fri, 2 Mar 2001, Craig R. McClanahan wrote: Fernando Padilla wrote: Again, I'm trying to bridge the gap between the classloader used by the server and the classloader used by the web app. So that I can cast/use an object from one classloader from the other classloader Ideas?? Help?? Clue?? Rants?? Raves?? In that case, you're not going to be able to do this cast. The classes placed in $TOMCAT_HOME/server are loaded by a class loader that is not visible to web applications (i.e. it is not a parent class loader to the one used for your web app). If you have additional information from the MyUserPrincipal class that your application needs to see, I suggest that you store them as request attributes or session attributes inside the authenticator. This will work for anything that is a String or a Java primitive type (wrapped in the corresponding wrapper class such as java.lang.Integer for an "int"). 1) i hear people say, to add jar file to $TOMCAT_HOME/lib, I tried that and that did not work, so i added them to $TOMCAT_HOME/server and that did work. 2) request or session attributes inside the authenticator?? I'm using MyRealm, the interface to that is just authenticate( String user, String pass ), how can I access the request or session that is being authenticated?? thank you :):):) fern - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Realm classes and ClassLoaders
I have a MyRealm class to lock down my webapp. That works fine. I have the jar file with the classes in $TOMCAT_HOME/server and within $WEB_APP/WEB_INF/lib. The Web App needs to gain access to the username/password given to the Realm ( right now I store it in the MyPrincipal class ), to be able to login into a backend tier. I try to cast the Principal ( from getUserPrincipal ), to MyPrincipal, but it there is a ClassCastException ( though it is indeed the right class, it's from a different class loader.. etc ) Again, I'm trying to bridge the gap between the classloader used by the server and the classloader used by the web app. So that I can cast/use an object from one classloader from the other classloader Ideas?? Help?? Clue?? Rants?? Raves?? just toss 'em out fern - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: webapp icons, disabling directory listings, and error-pagetags in web.xml
On Tue, 27 Feb 2001, Chris Haynes wrote: Stefan, You can turn off the generation of indexes by setting the argument suppress="true" in the StaticInterceptor entry in server.xml. hey, I've heard this before, but have never found this StaticInterceptor in server.xml. I just tried to look for it in tomcat 4.x and 3.x and it's not there. I need more understanding... thanx fern - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: webapp icons, disabling directory listings, and error-pagetags in web.xml
Stefan, The web.xml file is completely defined as part of the Servlet 2.2 Specification, when it defines Web Applications. Go there for the official reference. On Tue, 27 Feb 2001, Stefn F. Stefnsson wrote: Hello. I was wondering if anyone knows if the icon element in web.xml is not working in Tomcat (it's not working for me... just wondering if it's not supported or if it's something specific with me). ??? report a reproducable bug please, and someone should handle it. don't forget the icon file has to be relative to the webapp root. Another thing (a little more important) is the welcome-file-list element. I have one such in my web.xml and it contains one welcome-file element. This is directly from it: welcome-file-list welcome-file/servlet/com.decode.ips.webservice.controller.IPSControlle rServlet/welcome-file /welcome-file-list Again, the tag says, welcome-file, you define a file to map to, if it is present. There is no servlet/... file present. One trick is to map it to welcome-fileindex.servlet/welcome-file then do a servlet-mapping mapping index.servlet to your JSPControllerServlet. And for further assurance, you can create an index.servlet file, to encourage it, but really it should map to the servlet eventually. fern - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: webapp icons, disabling directory listings, and error-page tags in web.xml
OK. I apologize, i must have a 3.1. So how could we get this behavior with 4.x? :) thanx fern On Tue, 27 Feb 2001, Ignacio J. Ortega wrote: hey, I've heard this before, but have never found this StaticInterceptor in server.xml. I just tried to look for it in tomcat 4.x and 3.x and it's not there. I need more understanding... Tomcat 4.X does not use interceptors at all so it's difficult to found it there.. For Tomcat 3.2 and up Simply search it on the server.xml file it's there for sure, and with that name... Saludos , Ignacio J. Ortega - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Authentication to LDAP
get the source form tomcat 4.x, then go look at: // Realm interface src/catalina/src/share/org/apache/catalina/Realm.java // basic realm that most extend src/catalina/src/share/org/apache/catalina/realm/RealmBase.java // and other example realms ( where the LDAP, et al will live in ) src/catalina/src/share/org/apache/catalina/realm/* good luck fern On Mon, 26 Feb 2001, [iso-8859-1] Peter Andersén wrote: Hi I can be included on this. I have built a bean for doing contextless login into LDAP. It maybe could be useful for this, but i need to understand what do you need for the plugins to work. I have not been looking at this much so if someone could enlight my on the subject i could check. /Peter - Original Message - From: "Fernando Padilla" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, February 26, 2001 5:30 PM Subject: Re: Authentication to LDAP Tomcat 3.x uses Interceptors and thus the SecurityCheck. Tomcat 4.x uses Generalized Security handling code with pluggable Realm classes ( realms are access points into user authentication, authorization information ). Realms are pluggable under the conf/server.xml file. There is a SimpleRealm class, and a JDBCRealm class. Maybe someone should volunteer a JAASRealm and LDAPRealm for normal users to use... fern On Sun, 25 Feb 2001, Falcon cheetah wrote: Well, I extend SimpleRealm because I did not see securityCheck anywhere in the tomcat tree, and I assumed it was modified. And it works for me :) What is JAAS? And I am not sure if writing and intercepter qualifies as a project. I guess what we need to do is to get the wrox code to work for us and then modify it to do more general auth with ldap. I saw that there is a huge amount of bad coding in that wrox class and I am waiting to see it working so I would do a whole rewrite. I guess if you want us to launch a project for this we have to start putting the word on the tomcat-dev, rather than tomcat-users, someone would give us the heads on there. Regards. Ahmed. Martin Smith [EMAIL PROTECTED] wrote: OK, I've read over ldapAuthCheck.java (by Mark Wilcox, apparently.) I pretty well understand everything there, except I have a blank spot in knowledge of the Tomcat architecture. Which means I don't understand why you had to extend simpleRealm instead of securityCheck. Obviously, neither this class nor Tomcat implements JAAS. I'm assuming that's because they were built before JAAS was defined. They're also much simpler than the total pluggable-authentication-module framework implemented by JAAS. That's cool, since I don't need all that stuff anyhow. It's nice that the user name and password are just passed as strings in the call to checkPassword(), for example. So--What needs doing? I've never worked on a project so I don't know the rules. (The only thing I know I'd like to change is to add flexibility to use the "mail" attribute as the userID instead of the "UID" attribute.) Martin Falcon cheetah wrote: Martin, There is a good material about LDAP with Tomcat from Wrox's Professional JSP. There are two chapters that talk about this, and on chapter 15 they write a tomcat interceptor to do this task. I am currently trying to squeez sometime to test that. If you want to download the source code from their site and take a look at it. I know they have few issues with their interceptor. For example I had to make the class extend SimpleRealm instead of CheckSecurity. If you want to play with it and we can cooporate on expanding this code or put it in a seperate project if you want. If not I am glad to point out this great book to you and everyone else. Ahmed. Martin Smith wrote: I have been patiently lurking and waiting to see some news on the existence of a way to do Servlet container (ie Tomcat) authentication against an LDAP source of security info. I even posted an RFP at one of these freelancer sites (ants.com) to have one built. No credible responses. Limited though I am at programming java (or anything), I'm considering trying to build one myself. But I thought I'd ask one last time: is there a JNDI or LDAP Interceptor in the works anywhere? If not, any advice on the scope of the project? Do I just get the JDBCRealm source and analogize? (Sure hope we don't need threads! And callbacks sound hard, too.) TIA, martin - --- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] --
Re: *** Referring to a file or a directory from inside a jsp/servletor bean ???? ***
It all depends on what your code is. I'm assuming you're just using new File( relpath ), which should be relative to the user.dir system property, which should be Tomcat bin I suppose ( this is all educated guessing i tell you. ). Does knowing that help you? Your relative path should then be "../webapps/myapp/etc". Instead of getting to a file as such, you really should be using some of the file/resource accessors from ServletContext, so that it will be relative to the context root so that it's portable.. Look at ServletContext.getResource() and ServletContext.getResourceAsStream(). fern On Tue, 20 Feb 2001, Jonathan Asbell wrote: my web app directory structure is as follows: webapps/myapp/.. If I have a jsp and a bean in the root directory, and my bean refers to a file without a full path(ie. just the file name, no absolute or relative path), where does it loook for the ? WAIT. This happens in jsp/servlets AND beans. With jsp servlets the default directory should be the root directory of the app. The bean however seems to look for a file with an unqualified path in the /tomcat/bin/directory. I just want some rules of thumb to follow when I am using beans and jsp/servlets that read and write files. How should I refer to these external files. Where are their default directories in the context I mentioned above? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: formbased authentication: login.jsp is protected as well ?
I will have to further ask, how about content referenced from those pages? Such as images. Is there an easy way to say secure everything, except these directories? Is there a special role, "GUEST" or "ANONYMOUS" which we can assign the images directory... etc etc? fern On Tue, 20 Feb 2001, Randy Layman wrote: Either move to Tomcat 4.0 (both login and error pages are not protected, regardless of their location) or move all your webapp into a subdirectory except for the login page. They not be good choices, but they are the only choices that I know of. Randy -Original Message- From: paul marshal [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 20, 2001 10:04 AM To: tomcat-list Subject: formbased authentication: login.jsp is protected as well ? Hi ! I want to restrict access to the whole webApplication using formbased authentication. ( not just a subdirectory as I've seen it in all the examples ) Here is what I tried in web.xml: web-app !-- all the mappings etc. -- security-constraint web-resource-collection web-resource-nameadminConsole/web-resource-name descriptionAll adminConsole Pages/description url-pattern/*/url-pattern /web-resource-collection auth-constraint descriptionadmin console user/description role-nameadminConsoleUser/role-name /auth-constraint user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/login_error.jsp/form-error-page /form-login-config /login-config /web-app The problem is, that the login.jsp that I configure in web.xml ( in login-config.../login-config is also part of the webApp and thereby also access restricted. So when the container tries to forward to the login.jsp it would be directed there again in an infinite loop. What really happens is that I get a server generated error message saying something similar to : "page moved." How can I protect the entire webApp ? Any help, ideas etc ?? Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: *** Referring to a file or a directory from inside a jsp/servletor bean ???? ***
well, you stumped me. I looked at the API and it said this: "Some containers may allow writing to the URL returned by this method using the methods of the URL class." So I'm hoping someone else can answer this about tomcat. -- So if you cannot use the URL accessors, as the API states. Then the next best this would be: new File( getServletContext().getRealPath( filereltoroot ) ); fern On Tue, 20 Feb 2001, Dominique BATARD wrote: ServletContext.getResourceAsStream() is perfect for reading a file. But what about writing a file ? Dom - Original Message - From: "Fernando Padilla" [EMAIL PROTECTED] To: [EMAIL PROTECTED]; "Jonathan Asbell" [EMAIL PROTECTED] Sent: Tuesday, February 20, 2001 4:34 PM Subject: Re: *** Referring to a file or a directory from inside a jsp/servlet or bean *** It all depends on what your code is. I'm assuming you're just using new File( relpath ), which should be relative to the user.dir system property, which should be Tomcat bin I suppose ( this is all educated guessing i tell you. ). Does knowing that help you? Your relative path should then be "../webapps/myapp/etc". Instead of getting to a file as such, you really should be using some of the file/resource accessors from ServletContext, so that it will be relative to the context root so that it's portable.. Look at ServletContext.getResource() and ServletContext.getResourceAsStream(). fern - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Help: database user authentication how-to.
I've been looking at the code in Tomcat 3.2, there is no JDBCRealm present. Do I need to be looking at Tomcat 4.0? Apologies for the stupid question. fern On Thu, 15 Feb 2001, Christian Rauh wrote: Dear People, I am totally confused on how to proceed with the user authentication in my web application. I will try to state my problem briefly: I have a web application that has FORM security. I need to create a way for users to create an account that gives them access to the web application. Optimally, the user/password/role info should be stored in a database. How can this be done as closely as possible to the servlet/jsp specification? Is there a package written for this somewhere? I found something about JDBC real in the server.xml file, is it what I seek? Note that I also need this to be integrated with the web engine (Apache preferably). I have seen that app servers like weblogic´s have a user authentication scheme exactly like the one I seek but I want a non-proprietary, low cost solution. Any direction would be much appreciatted since I am really not knowing what to do regarding this matter. Thanks in advance, Christian Rauh - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Help: database user authentication how-to.
Yes, it was a stupid question. Tomcat 4 does indeed have JDBCRealm. Sorry guys. fern On Thu, 15 Feb 2001, Fernando Padilla wrote: I've been looking at the code in Tomcat 3.2, there is no JDBCRealm present. Do I need to be looking at Tomcat 4.0? Apologies for the stupid question. fern On Thu, 15 Feb 2001, Christian Rauh wrote: Dear People, I am totally confused on how to proceed with the user authentication in my web application. I will try to state my problem briefly: I have a web application that has FORM security. I need to create a way for users to create an account that gives them access to the web application. Optimally, the user/password/role info should be stored in a database. How can this be done as closely as possible to the servlet/jsp specification? Is there a package written for this somewhere? I found something about JDBC real in the server.xml file, is it what I seek? Note that I also need this to be integrated with the web engine (Apache preferably). I have seen that app servers like weblogic´s have a user authentication scheme exactly like the one I seek but I want a non-proprietary, low cost solution. Any direction would be much appreciatted since I am really not knowing what to do regarding this matter. Thanks in advance, Christian Rauh - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: loading oracle drivers from classes12.zip?
I believe so. The story is that the Web App Spec states that it will load .jar files, not .zip files from the Web App lib directory ( even though they're essentially the same ). People here have suggested to simple rename the file from calsses12.zip to classes12.jar. You could also unpack it and rejar it. Hope this helps. fernando On Fri, 9 Feb 2001, John Coonrod wrote: Has anyone been able to get the oracle thin drivers to load from the zip file rather than having to unpack them - when running tomcat on an nt server? Dr. John Coonrod, Vice President, [EMAIL PROTECTED] The Hunger Project, 15 East 26th Street, NY, NY 10010 www.thp.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: FormBased Authentication properties
This might seem as pestering, but how do we setup user and role
definitions for tomcat to authenticate against? I tried looking through
the Tomcat Documentation, but maybe I didn't try hard enough.
fernando
On Thu, 8 Feb 2001, Craig R. McClanahan wrote:
Johnson Lim wrote:
Hello,
I have tried to using formbased authentication, i have several question on
it (please help):
1. Do the authentication is set to use "j_securitycheck" ? How can we change
it ?
It is actually "j_security_check". And no, you cannot change it, because it is
required by the servlet specification to have this value.
since I don't see any parameter to set on redirect page name (do it
must index.html/jsp) can we redirect to other pages after the authetication
?
You don't set the "redirect page" at all.
The whole idea of form based authentication is that it works like this:
* You ask for a URL that happens to be protected by a security constraint.
* The server sees that you have not authenticated yet, so it
saves your original request and shows you the form login page
* After you log in successfully, the server restores your *original*
request and executes it, giving you the page that you originally
asked for.
Thus, you will never need to explicitly refer to your login page (from other
pages in your app at all). The server will automatically use it whenever
necessary.
2. Where should I change if i want to get out the roles info (as session)
for my future need info?
What information are you trying to acquire?
If a user has been authenticated, you can call request.getRemoteUser() to get
the authenticated username, or request.isUserInRole() to see if the current user
is in a particular role. For example, you might be building a menu JSP page,
and want to include a certain set of menu options only if the current user is a
manager. You can do something like this:
% if (request.isUserInRole("manager")) { %
... show the manager menu options
% } %
If you use roles to protect access to complete pages (in a security constraint),
you don't need to do anything at all in your pages -- the server will
automatically disallow access to users who are not authenticated, or who do not
possess the correct role.
Note that all of this stuff works the same for BASIC authentication as well.
Thanks for the help.
Regards
Johnson
Craig McClanahan
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
RE: Even simpler... where do I put oracle drivers?
Yes that is part of the J2EE Web Application Spec. On Tue, 6 Feb 2001, Carles Pi-Sunyer wrote: To make this work for me, I've had to change the name of the file from class111.zip to classes111.jar. It appears that only files with the .jar extension are automatically picked up and added to the classpath in the Web-inf/lib directory. Works fine for us putting our jar files in our projects Web-inf/lib/ folder. Carles Pi-Sunyer Stario, Inc. http://www.stario.com [EMAIL PROTECTED] 408 844-8333 ex:326 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Trouble with web.xml P.S.
I was wondering about that. I just finished reading the Servlet Specification and they made no mention of Init Params under the servlet element. And I wondered how they interacted with Init Params at the context level. You're saying that the servlet init params completely over shadow the context init params? fern On Sun, 28 Jan 2001, William Brogden wrote: Matt Campbell wrote: Hi All, this is an addition to my last post, a bit more info in case its any use. I've just tried to run TOMCAT_HOME/webapps/examples/WEB-INF/classes/SnoopServlet.class after un-commenting its init-params in TOMCAT_HOME/webapps/examples/WEB-INF/web.xml The servlet runs fine, except that it doesnt find its init-params. I have made no changes except for un-commenting those params. Why wont it find them?? Cheers Matt Ah yes - this annoying little quirk. If you address SnoopServlet.class directly as above, Tomcat does NOT associate it with the entry in web.xml therefore you don't get init params. If you address it as snoop - the alias that the web.xml sets up with: servlet servlet-name snoop /servlet-name servlet-class SnoopServlet /servlet-class init-param param-namefoo/param-name param-valuebar/param-value /init-param /servlet then you will get the init params - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
