> I thought about that... and I would like to set up a role in > tomcat-users to accomplish that. However, I don't want the user to have > to log in, rather I want to have my "guard" servlet authenticate the > user and then forward the request with the role filled in > programmatically. However, I can't find in the docs how Tomcat knows > whether the user has logged in yet, so I can't programmatically fill in > the user name. > > Can someone direct me to the documentation (or source code) that looks > for the user/role? >
Well, the servlet can set attributes on the user's session and latter you can check whether this attributes have been set, you can even know whether it's a new session or an older one. There is a book 'moreservlets ans jsp' thar explains it very well, but is a sage of 'core servlets and jsp', that is entirely in 'www.moreservlets.com'. Any way, I send you a snippet of code where I verify and set something in the session .... /** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods. * @param request servlet request * @param response servlet response */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String username = request.getParameter("username"); String password = request.getParameter("password"); HttpSession session = request.getSession(true); try{ aUser usr = new aUser(); if( usr.IsAValidUser(username, password) ) { UserSession user = (UserSession)session.getAttribute("user"); if ( user == null) { user = new UserSession(); user.setIsLogged(true); user.setIsClient(true); session.setAttribute("user", user); } else { user.setIsLogged(true); user.setIsClient(true); } } } catch(Exception e) { ........; } .......... ; } Hope this help .... Andrew --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]