> I thought about that... and I would like to set up a role in
> tomcat-users to accomplish that. However, I don't want the user to have
> to log in, rather I want to have my "guard" servlet authenticate the
> user and then forward the request with the role filled in
> programmatically. However, I can't find in the docs how Tomcat knows
> whether the user has logged in yet, so I can't programmatically fill in
> the user name.
>
> Can someone direct me to the documentation (or source code) that looks
> for the user/role?
>
Well, the servlet can set attributes on the user's session and latter you can
check whether this attributes have been set, you can even know whether it's a
new session or an older one.
There is a book 'moreservlets ans jsp' thar explains it very well, but is a
sage of 'core servlets and jsp', that is entirely in 'www.moreservlets.com'.
Any way, I send you a snippet of code where I verify and set something in the
session ....
/** Processes requests for both HTTP <code>GET</code> and <code>POST</code>
methods.
* @param request servlet request
* @param response servlet response
*/
protected void processRequest(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
HttpSession session = request.getSession(true);
try{
aUser usr = new aUser();
if( usr.IsAValidUser(username, password) )
{
UserSession user = (UserSession)session.getAttribute("user");
if ( user == null)
{
user = new UserSession();
user.setIsLogged(true);
user.setIsClient(true);
session.setAttribute("user", user);
}
else
{
user.setIsLogged(true);
user.setIsClient(true);
}
}
}
catch(Exception e)
{
........;
}
.......... ;
}
Hope this help ....
Andrew
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
