RE: a question about user authentication
to prevent the other users to be signed on? Do you mean prevent from locking them out?

I've got a similar deal in my db with the users table, a column called user_dbflag, which, like your status column, uses a simple int value of -1 or 0 to see who's active. Actually, it also has a timestamp column to verify who has changed their password, and when they change it the dbflag column value changes from -1 to 0.

In one of my SQL statements, I have the condition to allow the user to see (and submit/enact on) the JSP in question. If they're allowed, they can see the whole thing. If not, Tomcat will throw a 500 (specifically Exhausted ResultSet) error. In that case, I catch the exception and notify the user by printing to the browser a message telling them their user role does not properly match or their password has been deactivated. In reality, the user account or password is never deleted from the db table.

Let me know if you need more info on this.

-----Original Message-----
From: is_maximum [mailto:[EMAIL PROTECTED]
Sent: Monday, July 02, 2007 1:46 AM
To: users@tomcat.apache.org
Subject: a question about user authentication

Hi experts,

I am using Tomcat 5.5 and the Struts framework and security filter in order to authenticate users. Like the others, I am using the j_security_check action, but my problem is that I have a field in my user table, namely status, which represents whether the user is available or deleted by the administrator. The problem is that even if it is deleted, Tomcat will authenticate and let that user sign in. How can I put a condition like where status = 0 to prevent the other users to be signed in?

In security filter we only specify field names of the table as follows:

    <realm-param name="userNameCol" value="userName" />
    <realm-param name="userCredCol" value="password" />

Any comment would be of great help, thanks.

--
View this message in context: http://www.nabble.com/a-question-about-user-athentication-tf4010274.html#a11388743
Sent from the Tomcat - User mailing list archive at Nabble.com.

To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: a question about user authentication
Thank you all for replying.

I wanted to prevent the users who were deleted already from logging in. I resolved my problem by extending a class from JDBCRealm and overriding the getConnection() method (I'm not sure about the method name) and putting in my select statement with my favorite where clause, where status = 0 and username = ?, and in security-filter.xml I declared my class instead of Tomcat's JDBCRealm.

Thank you again.

--
View this message in context: http://www.nabble.com/a-question-about-user-athentication-tf4010274.html#a11454885

Re: a question about user authentication
is_maximum wrote:
> Hi experts,
>
> I am using Tomcat 5.5 and the Struts framework and security filter in order to authenticate users. Like the others, I am using the j_security_check action, but my problem is that I have a field in my user table, namely status, which represents whether the user is available or deleted by the administrator. The problem is that even if it is deleted, Tomcat will authenticate and let that user sign in. How can I put a condition like where status = 0 to prevent the other users to be signed in?
>
> In security filter we only specify field names of the table as follows:
>
>     <realm-param name="userNameCol" value="userName" />
>     <realm-param name="userCredCol" value="password" />

Have a look at JDBCRealm (or DataSourceRealm) in the Tomcat source. You could alter the SQL statement for password or username so it fails when '... status = 0'.

Upload a jar with your new realm in it to server/lib and configure the realm as a replacement for the one in your server.xml.

p

> Any comment would be of great help, thanks.

Re: a question about user authentication
Pid-2 wrote:
> Have a look at JDBCRealm (or DataSourceRealm) in the Tomcat source. You could alter the SQL statement for password or username so it fails when '... status = 0'.
>
> Upload a jar with your new realm in it to server/lib and configure the realm as a replacement for the one in your server.xml.
>
> p

Thanks, but how about if I have more than one project deployed on my Tomcat? I mean, is there any way to specialize this authentication method for one application, and for the others it remains as its default?

--
View this message in context: http://www.nabble.com/a-question-about-user-athentication-tf4010274.html#a11391841

RE: a question about user authentication
> From: is_maximum [mailto:[EMAIL PROTECTED]
> Subject: Re: a question about user authentication
>
> I mean is there any way to specialize this authentication method for one application and for the others it remains as its default

Read the doc:
http://tomcat.apache.org/tomcat-5.5-doc/config/realm.html

"You may nest a Realm inside any Catalina container (Engine, Host, or Context). In addition, Realms associated with an Engine or a Host are automatically inherited by lower-level containers, unless explicitly overridden."

- Chuck
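
The approach discussed in this thread (a JDBCRealm subclass whose credential lookup also requires status = 0), sketched as an added example that is not code from any of the posters or from Tomcat itself. The package and class names are hypothetical, and it assumes JDBCRealm exposes the protected credentials(Connection, String) method and the protected preparedCredentials, userTable, userNameCol and userCredCol fields, as in the Tomcat 5.5 source; check the source of the version you run.

```java
package example.realm; // hypothetical package name

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Types;

import org.apache.catalina.realm.JDBCRealm;

/**
 * JDBCRealm variant whose credential query only matches accounts that are
 * still active. A deleted account yields no row, so the realm finds no
 * stored password and authentication fails like an unknown user name.
 */
public class ActiveUserJDBCRealm extends JDBCRealm {

    // Value that marks an active account (0, as in the thread).
    private static final int ACTIVE = 0;

    // Column holding the account state; "status" is the name used in the thread.
    private String statusCol = "status";

    // Lets the column name be set from the realm configuration.
    public void setStatusCol(String statusCol) {
        // The name is concatenated into SQL below, so accept only a plain
        // identifier even though it comes from configuration, not the user.
        if (statusCol == null || !statusCol.matches("[A-Za-z_][A-Za-z0-9_]*")) {
            throw new IllegalArgumentException("invalid column name");
        }
        this.statusCol = statusCol;
    }

    // Assumed to replace the stock "SELECT cred FROM table WHERE name = ?".
    protected PreparedStatement credentials(Connection dbConnection,
                                            String username) throws SQLException {
        if (preparedCredentials == null) {
            String sql = "SELECT " + userCredCol + " FROM " + userTable
                    + " WHERE " + userNameCol + " = ? AND " + statusCol + " = ?";
            preparedCredentials = dbConnection.prepareStatement(sql);
        }
        // The user-supplied name is always bound as a parameter, never concatenated.
        if (username == null) {
            preparedCredentials.setNull(1, Types.VARCHAR);
        } else {
            preparedCredentials.setString(1, username);
        }
        preparedCredentials.setInt(2, ACTIVE);
        return preparedCredentials;
    }
}
```

The status check runs only at login, so a session that was established before the account was deleted stays valid until it expires or is invalidated. To limit the realm to one application, reference this class from that application's own realm declaration (its security-filter.xml, or a Realm nested in its Context as described in the reply above).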