ok, well that certainly helps and gives very good direction! Thank you, David!
-----Original Message----- From: David Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, August 17, 2006 2:02 PM To: Tomcat Users List Subject: Re: Security constraint/login form Getting the remote user would be request.getRemoteUser() ; I would imagine other fields could be added to the database table, but the webapp would be responsible for loading the remaining data into a session or whatever is needed. Tomcat will only offer the username and an accurate response to request.isUserInRole( "rolename" ) ; --David Propes, Barry L wrote: >to add to my question earlier below, would it be something as simple as? > >String juser= (String) request.getAttribute("j_username"); > >Granted I have no idea what the session attribute is under the hood, only know >that j_username is the input name for the user_name. > >I was thinking with that info, I could then run a select query to extract the >role_name from an additional joined table to authenticate a step further. Does >what I am explaining make sense? Forgive me if not. > >When I say additional table, I mean one in addition to the user_name and >user_roles table that Tomcat requires for the form login security constraint >to work. > > > >-----Original Message----- >From: Propes, Barry L >Sent: Thursday, August 17, 2006 11:13 AM >To: Tomcat Users List >Subject: Security constraint/login form > > >I realize that in Tomcat (I'm using 4.1.3 and 4.0.1 by the way -- a version on >a prod. server and one ony my desktop) that you can create the simple table >titled users and configure it in the server.xml file and then likewise >configure the web.xml file's security constraint properties. > >My question is, can you add other columns to the table and then do a join on >another table as to further enhance security? > >If so, what is involved, and how involved is it? > >Thanks! > >Barry > > >--------------------------------------------------------------------- >To start a new topic, e-mail: users@tomcat.apache.org >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
