1. Storing passwords in the database is considered bad form, consider using a one way hash like MD5. 2. Is the user name a unique key? (I've seen systems that consider using user / password as the unique key... and it's a feature!) 3. If the answer to 2 is yes, you can just do request.getRemoteUser() to retrieve the user (string that was entered) that is logged in (null if no-one is).
Not exactly what you were looking for, but possibly close enough. Meder Bakirov wrote: >Hello mighty all! > >I just wanted to ask: is it possible to reuse realms in my own jsps or >servlets? > >I have configured form-based authentication, using JDBCRealm. I have a >login.jsp with necessary fields. After an authorization, can I reuse (e.g. >call them using getParameter() or by another way) j_username and j_password >fields in my own index.jsp (or other jsp files)? > >Here is, what I want to do: > >I have a SQL table users with columns (username, password, id). JDBCRealm >checks user in this table. So, when authorization is succesfull, I want to >get these values(username, password) and use them in my query (SELECT id FROM >users WHERE username='<j_username_value>' AND password='<j_password>') and >show some statistics info for that user, without reasking him to identify >himself again. > >Thank you very much! > >Rgrds. > > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
