Thats what I know but how can I achieve that a user has atomaticaly a role named "guest" and if a user is logged in how can I achieve that he can log in again cause I can't access the loginpage direct cause of tomcat?
-----Ursprungliche Nachricht----- Von: Ted Husted [mailto:[EMAIL PROTECTED]] Gesendet: Dienstag, 27. November 2001 19:09 An: Struts Users Mailing List Betreff: Re: AW: JDBCRealm JDBCRealm is container managed security, so you set it up through the container (web.xml). >From the container's viewpoint, everyone who is not logged in is going through the anonymous Web user "account". From your application's viewpoint, they would not be logged in at all, and have no role. The Artimus application is setup to use container managed security with Tomcat. It is not using JDBCRealm, but the application itself would not be set up differently if it were. http://husted.com/struts/resources/artimus.zip With JDBCRealm, the logins and roles are kept in a SQL database, instead of a configuration file. The advantage of JDBCRealm is that your application can access the same JDBC database that Tomcat uses, so you can add additional users. Once you add them, then Tomcat can see them too. In this web.xml block, the /do/admin area is constrained to users with the roles manager, editor, or contributor. Everyone else, including anonymous users, would have access denied (by the container). All the application has to do is route access to the constrained files through a constrained URI. <!-- Declarative Security --> <security-constraint> <web-resource-collection> <web-resource-name>Administrative</web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/do/admin/*</url-pattern> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>manager</role-name> <role-name>editor</role-name> <role-name>contributor</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>EBasic Authentication Area</realm-name> </login-config> storck wrote: > > How can I set a default-user ? There is no setUserPrincipal or some like > that. > > I have a webapp with 2 sections. One for all and one secure area. In the > secure area users with role guest should be able to see the websites too but > not all content. What I dont want is that a guest has to enter login and > password. For that a default-user should be set. If he wants to see all > content he has to register and login. > > -----Ursprungliche Nachricht----- > Von: David Winterfeldt [mailto:[EMAIL PROTECTED]] > Gesendet: Dienstag, 27. November 2001 18:19 > An: Struts Users Mailing List > Betreff: Re: JDBCRealm > > To retrieve the user name once they are logged in. > > request.getUserPrincipal().getName(); > > David > > --- Scott Edwards <[EMAIL PROTECTED]> wrote: > > My understanding of the Tomcat 4 JDBC Realm is that > > you don't get to > > access it from within your application. Only Tomcat > > gets to access it. > > However, the servlet 2.3 spec provides APIs whereby > > you can get the > > username that the user logged in under and then use > > that to find any > > information you need about that user. > > > > Not sure what you are trying to accomplish, but I > > hope that might help a > > little. > > > > -Scott > > > > storck wrote: > > > > >Hi, > > > > > >does someone know how i get acces to the > > (JDBC)Realm within struts ? > > > > > > > > >-- > > >To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > > >For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > > > > > > > > > > > > > > -- > > To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > > __________________________________________________ > Do You Yahoo!? > Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. > http://geocities.yahoo.com/ps/info1 > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
