From: "Legolas Woodland" <[EMAIL PROTECTED]>

I used a simple login page + add a session variable after logging in
to check the security of my system. The login page tests, and if the
session variable is present it shows some other links like: edit profile,
orders, ... and if the session variable is not present it will show the
user/password dialog.
All other pages check the same thing before they do any job.
I store user names and passwords in the database.
Is it the correct way? Is there any framework, tag library, ... that
makes the job easier and more advanced looking?

If you want to take advantage of the 'user roles' of container managed
security, for example with the Struts <logic:present role="..."> tag or
Struts Menu to conditionally display menu items based on roles, here are a
couple of options:

With the user information already in a database, you might want to use
JDBCRealm or DataSourceRealm:
  http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html

Another way is to put a Filter in front of your webapp and wrap the request
so you have control of the 'isUserInRole' method.  There is some information
here...
  http://wiki.wsmoak.net/cgi-bin/wiki.pl?TomcatRequestWrapper

There are other options... which one is best depends on your requirements. If you don't expect this to get more complex than "logged in or not" then what you're doing now with putting a 'user' object in the session is fine.

HTH,
--
Wendy Smoak
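
The Filter option mentioned in the reply above, sketched as an added example that is not part of the original thread or of the linked wiki page: the filter wraps each request so that `isUserInRole` is answered from the user object the login page stored in the session. The session attribute name "user" and the `AppUser` interface are assumptions made for illustration.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Assumptions: the login action stores an AppUser under the
// session attribute "user"; AppUser and its accessors are hypothetical.
public class RoleFilter implements Filter {

    /** Hypothetical user object placed in the session at login. */
    public interface AppUser {
        String getName();
        Set<String> getRoles();
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpSession session = http.getSession(false);   // do not create a session here
        Object attr = (session == null) ? null : session.getAttribute("user");
        if (!(attr instanceof AppUser)) {
            // Not logged in: pass the request through unwrapped.
            chain.doFilter(req, res);
            return;
        }
        chain.doFilter(new RoleRequest(http, (AppUser) attr), res);
    }

    /** Answers role queries from the session user instead of the container realm. */
    static final class RoleRequest extends HttpServletRequestWrapper {
        private final AppUser user;
        RoleRequest(HttpServletRequest r, AppUser u) { super(r); this.user = u; }

        @Override public boolean isUserInRole(String role) {
            // Roles come only from server-side session state, never from request input.
            return role != null && user.getRoles().contains(role);
        }
        @Override public String getRemoteUser() { return user.getName(); }
        @Override public Principal getUserPrincipal() {
            return new Principal() { public String getName() { return user.getName(); } };
        }
    }
}
```

The filter takes effect only for URL patterns it is mapped to with a `<filter-mapping>` in `web.xml`; pages outside the mapping see the unwrapped request, so role checks there are answered by the container alone.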


