Hi Morten,

You can very well take the power of Tomcat, which helps you to authenticate
in basic JDBC Realm, Memory Realm or UserDatabase Realm,
and you can use the request object's method called getRemoteUser() to get
the user name used for authentication by the user. Ensure the user name is
unique for this purpose.
Regards,
sat
----- Original Message ----- 
From: "Morten Andersen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 26, 2003 5:01 PM
Subject: Authentication - based on request parameters


> I've developed an authentication mechanism on my own because I could not
> figure out how to make authentication based on some request parameters.
>
> This is what I've implemented:
>
> Whenever the user makes a request, the "site" parameter plus the path is
> used to figure out whether the user has the rights to access the path on
> that site. If not, I send him to a login page, and after that back to the
> initially requested page.
> For instance:
> 1) The user requests: myTomcat:8080/MyApp/saveEditedPage.action?site=MySite
> 2) I figure out whether saveEditedPage needs login. If it does, then I
> check whether the user has previously logged in. If not, the user is sent to
> the login page.
> 3) When the user has logged in, the rights for the user for the
> site="MySite" are checked. If the user may enter, the request is
> carried out.
>
> I have finally got it to work, but then it struck me that I maybe could use
> the built-in security mechanism in Tomcat. Here is my idea:
>
> I make a subclass of, or wrap, HttpServletRequest with my own class that
> overwrites the isUserInRole(String) method, so that the isUserInRole method
> could use some of the parameters from the request to make the fine-grained
> access control. (That is, to use the "site" parameter.)
>
> Does that sound possible, or can't HttpServletRequest be subclassed like that?
> Or am I just plain stupid and could have saved myself a lot of hours of
> work by using a built-in mechanism?
>
>
> Regards
>
>
> Morten Andersen
> Master of applied mathematics and computer science
> Amanuensis (in e-learning)
>
> The Maersk Institute of Production technology at Southern Danish University
> www.mip.sdu.dk
> Campusvej 55
> DK-5230 Odense M
> Denmark
> +45 6550-3654
> +45 6171-1103
> Jabber id: [EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
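
The wrapper idea from the question combined with the realm authentication from the reply, as an added example that is not code from either poster. It assumes the javax.servlet API (Tomcat 9 and earlier; Tomcat 10+ uses jakarta.servlet) and a hypothetical "<site>:<role>" naming scheme for the roles stored in the realm; SiteRoleFilter and SiteScopedRequest are illustrative names.

```java
// Added example: site-scoped isUserInRole() backed by the Tomcat realm.
// Assumption: the realm stores roles named "<site>:<role>", e.g. "MySite:editor".
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class SiteRoleFilter implements Filter {
    // The "site" parameter is client-controlled: accept only a strict token.
    private static final Pattern SITE = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    static final class SiteScopedRequest extends HttpServletRequestWrapper {
        SiteScopedRequest(HttpServletRequest request) { super(request); }

        @Override
        public boolean isUserInRole(String role) {
            String site = getParameter("site");
            // Fail closed: no authenticated user, or a missing/malformed site.
            if (getRemoteUser() == null || site == null || role == null
                    || !SITE.matcher(site).matches()) {
                return false;
            }
            // The realm still decides; the parameter only selects which role is asked about.
            return super.isUserInRole(site + ":" + role);
        }
    }

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            req = new SiteScopedRequest((HttpServletRequest) req);
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Declarative `<security-constraint>` role checks in web.xml are enforced by the container before any filter runs and never see this wrapper, so it only affects isUserInRole() calls made by application code behind the filter.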

