This might seem like pestering, but how do we set up user and role
definitions for Tomcat to authenticate against? I tried looking through
the Tomcat Documentation, but maybe I didn't try hard enough.
fernando
On Thu, 8 Feb 2001, Craig R. McClanahan wrote:
>
>
> Johnson Lim wrote:
>
> > Hello,
> >
> > I have tried using form-based authentication, and I have several questions
> > about it (please help):
> >
> > 1. Is the authentication set to use "j_securitycheck"? How can we change
> > it?
>
> It is actually "j_security_check". And no, you cannot change it, because it is
> required by the servlet specification to have this value.
>
> > Since I don't see any parameter to set the redirect page name (must it
> > be index.html/jsp?), can we redirect to other pages after the
> > authentication?
> >
>
> You don't set the "redirect page" at all.
>
> The whole idea of form based authentication is that it works like this:
> * You ask for a URL that happens to be protected by a security constraint.
> * The server sees that you have not authenticated yet, so it
>   saves your original request and shows you the form login page.
> * After you log in successfully, the server restores your *original*
>   request and executes it, giving you the page that you originally
>   asked for.
>
> Thus, you will never need to explicitly refer to your login page (from other
> pages in your app) at all. The server will automatically use it whenever
> necessary.
>
> >
> > 2. What should I change if I want to get the roles info out (as session)
> > for my future needs?
> >
>
> What information are you trying to acquire?
>
> If a user has been authenticated, you can call request.getRemoteUser() to get
> the authenticated username, or request.isUserInRole() to see if the current user
> is in a particular role. For example, you might be building a menu JSP page,
> and want to include a certain set of menu options only if the current user is a
> manager. You can do something like this:
>
> <% if (request.isUserInRole("manager")) { %>
> ... show the manager menu options
> <% } %>
>
> If you use roles to protect access to complete pages (in a security constraint),
> you don't need to do anything at all in your pages -- the server will
> automatically disallow access to users who are not authenticated, or who do not
> possess the correct role.
>
> Note that all of this stuff works the same for BASIC authentication as well.
>
> >
> > Thanks for the help.
> >
> > Regards
> > Johnson
> >
>
> Craig McClanahan
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
>