RE: isUserInRole
Hi Denny, I don't hav much idea abt NTLM, still... Hav u stored roles and the associated users in that file. Hav u specified that file as the file which contains user details in server.xml file... Check those things... Joby Joseph Wipro Technologies Plot No.72, KEONICS Electronics City, Hosur Main Road, Bangalore- 560 100. India Tel:+91-80-28520408; 5122 Extn:82332 www.wipro.com -Original Message- From: Denny Lee [mailto:[EMAIL PROTECTED] Sent: Monday, February 07, 2005 9:40 PM To: tomcat-user@jakarta.apache.org Subject: RE: isUserInRole Hello Joby, My problem is not getting user name and logging in but rather I can't get the user's role using the function isUserInRole(). For whatever reason isUserInRole always returns a false. I tried isUserInRole(admin), isUserInRole(Administrarors), isUserInRole(Users) but I get false for all of them. I am trying to restrict some web pages to only allow administrator access. I can't put the user name and role in an xml file or using a database because of my company's security policy. I have to get the data from NTLM. Thanks again for your help. Forwarded Message Subject:RE: isUserInRole Date: Mon, 7 Feb 2005 08:46:40 +0530 From: [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Plain Text Attachment [ Download File | Save to my Yahoo! Briefcase ] Hi Denny, To get user name... do as follows... %@ page import=java.security.Principal % And use in ur code as... % Principal p = request.getUserPrincipal(); out.println(p.getName()); % will print the name of the current user... Joby Joseph Wipro Technologies Plot No.72, KEONICS Electronics City, Hosur Main Road, Bangalore- 560 100. India Tel:+91-80-28520408; 5122 Extn:82332 www.wipro.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments.
RE: isUserInRole
Hi Denny, To get user name... do as follows... %@ page import=java.security.Principal % And use in ur code as... % Principal p = request.getUserPrincipal(); out.println(p.getName()); % will print the name of the current user... Joby Joseph Wipro Technologies Plot No.72, KEONICS Electronics City, Hosur Main Road, Bangalore- 560 100. India Tel:+91-80-28520408; 5122 Extn:82332 www.wipro.com -Original Message- From: Denny Lee [mailto:[EMAIL PROTECTED] Sent: Friday, February 04, 2005 9:20 PM To: tomcat-user@jakarta.apache.org; Joby Joseph (WT01 - TELECOM SOLUTIONS) Subject: isUserInRole Joby, Thanks for you reply. I have not tried request.isUserInRole(Denny). I was under the impression that role has to do with being admin or user. I can get the user name through the request.getRemoteUser() but I am still stuck with the role thing. ___ Subject: RE: isUserInRole question Date: Fri, 4 Feb 2005 08:35:22 +0530 From: [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Plain Text Attachment [ Download File | Save to my Yahoo! Briefcase ] Hi Denny, U hav to use request.isUserInRole(Denny) to compare whether the user logged in is Denny or not Joby. -Original Message- From: Mario Winterer [mailto:[EMAIL PROTECTED] Sent: Friday, February 04, 2005 3:13 AM To: Tomcat Users List Subject: Re: isUserInRole question Hi Denny! Which Realm do you use in server.xml? What are your web.xml-settings? Please post your configurations!!! Tex Hello, Thanks for your reply. When I use IE to bring up the page I get a dialogbox asking for user name and password. If I put in a user name and password of a user on the workstation I can login. The page shows the correct user name and says that I have successfully logged in. But I get 2 false for the isUserInRole statements. I don't know why that is the case. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: isUserInRole question
Hi Denny,
U hav to use request.isUserInRole(Denny) to compare whether the user
logged in is Denny or not
Joby.
-Original Message-
From: Mario Winterer [mailto:[EMAIL PROTECTED]
Sent: Friday, February 04, 2005 3:13 AM
To: Tomcat Users List
Subject: Re: isUserInRole question
Hi Denny!
Which Realm do you use in server.xml? What are your web.xml-settings?
Please post your configurations!!!
Tex
Hello,
Thanks for your reply. When I use IE to bring up the
page I get a dialogbox asking for user name and
password. If I put in a user name and password of a
user on the workstation I can login. The page shows
the correct user name and says that I have
successfully logged in. But I get 2 false for the
isUserInRole statements. I don't know why that is the
case.
Thanks.
-
Hi!
I'm not sure, but I think your code is OK. The
question is: How did you
configure your security realm in web.xml and
server.xml.
(request.isUserInRole only works, if the user has
already been
authenticated against the web server.)
Best regards,
Tex
Hello,
I am trying to use isUserInRole in an app within
Tomcat. The problem is that I consistently get false
as the return regardless of what I pass in. I am
using J2SE 1.4.2_06 and Tomcat 5.0. Here is the code
and any help would be great:
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class NtlmHttpAuthExample extends HttpServlet
{
public void doGet( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
PrintWriter out = resp.getWriter();
resp.setContentType( text/html );
out.println( HTMLHEADTITLENTLM HTTP
Authentication Example/TITLE/HEADBODY );
out.println( h2NTLM HTTP Authentication
Example/h2 );
out.println( req.getRemoteUser() +
successfully logged in );
out.println(req.isUserInRole(admin));
out.println(br-);
out.println(req.isUserInRole(Administrators));
out.println( h3Please submit some form
data
using POST/h3 );
out.println( form
action=\NtlmHttpAuthExample\ method=\post\ );
out.println( input type=\text\
name=\field1\ size=\20\/ );
out.println( input type=\submit\/ );
out.println( /form );
out.println( field1 = + req.getParameter(
field1 ));
out.println( /BODY/HTML );
}
public void doPost( HttpServletRequest req,
HttpServletResponse resp ) throws
IOException, ServletException {
doGet( req, resp );
}
}
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Confidentiality Notice
The information contained in this electronic message and any attachments to
this message are intended
for the exclusive use of the addressee(s) and may contain confidential or
privileged information. If
you are not the intended recipient, please notify the sender at Wipro or [EMAIL
PROTECTED] immediately
and destroy all copies of this message and any attachments.
How to make my error page in the case of BASIC JDBC realm
Hi, I am using Tomcat 5.x. I am using BASIC JDBC Realm. I want to make my own error page as the error page in the case of HTTP Status 401 error. This error comes when I click on Cancel button when the realm asks for user name and password. Any one knowing this stuff, kindly reply. Thanks in advance. Joby Joseph. Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments.
