I'm doing this as follows:
When the user enters their password and username, if they match a record in
the database I write their username to a bean with session scope. I also set
a boolean value representing whether or not the user has been authenticated.
Each of the JSPs then starts with a check for the username/boolean value in
the bean.
If this condition is passed, the code for the rest of the page is run,
otherwise the user is redirected back to the login page.
I'm sure there are plenty of other ways too, but this one works fine for me.
Here's my code for processing the login: (I'm also using a bean for
database access etc)
.
.
.
<jsp:useBean id="logon" scope="session" class="Logon" />
<jsp:useBean id="db" scope="application" class="DbUtilities" />
.
.
.
db.setDbUrl("jdbc:odbc:mydsn");
String sql="SELECT * FROM users";
//execute the statement and store the results in a ResultSet:
rs = db.runSqlQuery(sql);
//Get the userName from the request:
if(request.getParameter("userName") != null)
{
    userName = request.getParameter("userName");
    password = request.getParameter("password");
}
//redirect the user back to the login page
//if they're not authenticated:
redirectURL = "../login.htm";
//Search for User's Record:
String user;
String pass;
while(rs.next())
{
    user = rs.getString("UserName");
    pass = rs.getString("Password");
    if ((user.equals(userName)) && (pass.equals(password)))
    {
        //user is registered, so redirect them to the main app page:
        redirectURL = "../week.htm";
        logon.setUserName(userName);
        logon.setFirstName(rs.getString("FirstName"));
        logon.setLastName(rs.getString("LastName"));
        logon.setSecure();
    }
}
db.close();
%>
.
.
.
//user is then redirected to the page set in redirectURL variable here....
You can then do a test in each JSP/servlet for either the existence of a
username or the value of logon.getSecure and redirect the user back to the
login page if necessary:
Hope this helps
Paul
> -----Original Message-----
> From: Rajehswar V. Rao [mailto:[EMAIL PROTECTED]]
> Sent: 06 July 2001 06:38
> To: [EMAIL PROTECTED]
> Subject: Restricting resources on web server
>
>
> Hi all,
> How can I restrict resources like Servlets/JSPs from unauthenticated users
> under Tomcat environment...
> I posted this Q in tomcat users list ...but got no good response...
> my criteria is like this...
>
> I have 10 JSPs under webapps/myCon/jsp folder in Tomcat..
> One of them is Login.jsp...which does authentication of user...
> I check the username and password (I get these values from form) against DB..
> Once the user is authenticated only...I want to give access to remaining
> JSPs..
> But he/she should not access any JSP unless authenticated by Login.jsp...
>
> Any help would be appreciated...
>
> -raj-
> A servlet geek
>
> ______________________________________________________________
> _____________
> To unsubscribe, send email to [EMAIL PROTECTED] and
> include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources:
> http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
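
Added example, not part of the original post or of either poster's code: the check described above for the top of each JSP, done once in a servlet Filter (Servlet 2.3 or later) so that no page can omit it. The session attribute name "authenticated", the /jsp/Login.jsp path and the /jsp/* mapping are assumptions based on the folder layout in the question; newer containers use jakarta.servlet in place of javax.servlet.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// web.xml mapping (assumed layout, all JSPs under /jsp/):
//   <filter><filter-name>auth</filter-name><filter-class>AuthFilter</filter-class></filter>
//   <filter-mapping><filter-name>auth</filter-name><url-pattern>/jsp/*</url-pattern></filter-mapping>
public class AuthFilter implements Filter {
    // Assumed names, not taken from the original post:
    static final String AUTH_ATTR  = "authenticated";   // login code stores Boolean.TRUE here
    static final String LOGIN_PATH = "/jsp/Login.jsp";  // the only page reachable without login

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rsp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rsp;

        // The login page itself must stay reachable, or nobody can ever log in.
        if (LOGIN_PATH.equals(req.getServletPath())) {
            chain.doFilter(req, resp);
            return;
        }

        // getSession(false): do not create a session for an anonymous caller.
        HttpSession session = req.getSession(false);
        boolean authenticated = session != null
                && Boolean.TRUE.equals(session.getAttribute(AUTH_ATTR));

        if (!authenticated) {
            // Not calling chain.doFilter() means the protected page never runs.
            // (An inline JSP check needs an explicit "return" after sendRedirect
            // for the same effect, otherwise the rest of the page still executes.)
            resp.sendRedirect(req.getContextPath() + LOGIN_PATH);
            return;
        }

        // Keep protected pages out of browser and proxy caches, so they are not
        // shown from the "Back" button after the session has ended.
        resp.setHeader("Cache-Control", "no-store");
        chain.doFilter(req, resp);
    }
}
```

The login code that sets the flag should do so on a fresh session (invalidate the pre-login session first), so that a session ID issued before login is never promoted to an authenticated one.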