You can use the Realms security infrastructure of Tomcat to achieve
what you are trying to do - you will need to modify your web.xml file, but
its pretty easy.
http://jakarta.apache.org/cvsweb/index.cgi/jakarta-tomcat/src/doc/
is the documentation for Tomcat in the CVS repository. A quick glance there
shows a howto for the JDBCRealm (authenticating against a database).
Randy
> -----Original Message-----
> From: Rajehswar V. Rao [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 05, 2001 9:33 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: User login logging (JDBC authentication)
>
>
> Hi randy,
> I would appreciate your patience...
> I am coming from first...
> This is my prblem....
> I have 10 JSPs under myCon/jsp folder in Tomcat..
> One of them is Login.jsp...which does authentication of user...
> i check the username and password against data which lies in SQLServer
> 7.0...
> Once the user is authenticated only...I want to give access
> to remaining
> JSPs..
> But he/she should not access any JSP unless authenticated by
> Login.jsp...
> This is my problem...
> what is your best possible solution....
> Is it anyway related to Java or Tomcat security?
> If yes, how can i achieve it?
> Or is there any other way around to achieve it...
>
> Thanks for listening...
> -raj-
>
>
> -----Original Message-----
> From: Randy Layman [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 05, 2001 6:18 PM
> To: [EMAIL PROTECTED]
> Subject: RE: User login logging (JDBC authentication)
>
>
>
> From IIS you can only set the access to Tomcat as a whole, not
> individually. Tomcat controls access to the individual resources (IIS
> doesn't know what they are).
>
> You can view (and modify) the username and password in
> the session,
> I think the session field names are j_security_username and
> j_security_password, but don't remember right now - you can
> get a session
> object back for a secured user and then iterate over the fields.
>
> Randy
>
> > -----Original Message-----
> > From: Rajehswar V. Rao [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 05, 2001 9:11 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: User login logging (JDBC authentication)
> >
> >
> > Hi Randy and all,
> > if that is the case where can i set username and password....
> > And one more thing, i am using tomcat with IIS ...can i restrict
> > resources(JSPs and Servlets) on
> > tomcat from IIS...
> > Any help would be appreciated....
> > -raj-
> >
> > -----Original Message-----
> > From: Randy Layman [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 05, 2001 5:32 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: User login logging (JDBC authentication)
> >
> >
> >
> > What is happening is that Tomcat is using the user's credentials
> > (username/password) in the Session to authenticate. If they
> > are not there
> > or invalid, then the user is prompted to log in again.
> >
> > Randy
> >
> > > -----Original Message-----
> > > From: Mark Muffett [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, July 05, 2001 8:33 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: User login logging (JDBC authentication)
> > >
> > >
> > > Raj and all
> > >
> > > I've managed to make the changes (very easy), but of course
> > > it doesn't work
> > > exactly as I wanted it.... (isn't life always like that...)
> > >
> > > I've got a database which is filling up fast since a new log
> > > gets written to
> > > it every time a user accesses a new page (probably about 100
> > > times each
> > > session).
> > >
> > > Tomcat clearly knows what a session is (since it doesn't ask
> > > the user to log
> > > in again for each page) - any idea where it does this?
> > >
> > > Thanks for any help.
> > >
> > > Mark
> > >
> > > ----- Original Message -----
> > > From: "Rajehswar V. Rao" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, July 05, 2001 12:21 PM
> > > Subject: RE: User login logging (JDBC authentication)
> > >
> > >
> > > > Hi Mark and all,
> > > > I think my situation is also almost same....
> > > > I have set of JSPs under my \myContext\jsp...
> > > > I dont want to give access to the users to these JSPs once
> > > they have been
> > > > authnticated...
> > > > One of the JSPs authenticate the user....
> > > > please do help...
> > > > -raj-
> > > >
> > > > -----Original Message-----
> > > > From: Mark Muffett [mailto:[EMAIL PROTECTED]]
> > > > Sent: Wednesday, July 04, 2001 1:59 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: User login logging (JDBC authentication)
> > > >
> > > >
> > > > Sorry! - found it now (in tomcat_modules.jar).
> > > >
> > > > Mark
> > > >
> > > > ----- Original Message -----
> > > > From: "Mark Muffett" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>; "Antony Bowesman"
> > > <[EMAIL PROTECTED]>
> > > > Sent: Wednesday, July 04, 2001 8:37 AM
> > > > Subject: Re: User login logging (JDBC authentication)
> > > >
> > > >
> > > > > Antony
> > > > >
> > > > > Many thanks for the suggestion, but where can I find this
> > > - I've looked
> > > > > through the jar files in the common and container
> directories of
> > > > > $TOMCAT_HOME/lib, but nothing stands out. Maybe I've
> missed it?
> > > > >
> > > > > Any help appreciated.
> > > > >
> > > > > Thanks
> > > > >
> > > > > Mark
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Antony Bowesman" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Thursday, June 28, 2001 4:58 PM
> > > > > Subject: Re: User login logging (JDBC authentication)
> > > > >
> > > > >
> > > > > > Mark Muffett wrote:
> > > > > > >
> > > > > > > Any ideas how best to log succesful (or unsuccesful)
> > > logins via
> > > > > > > JDBC authentication. The big problem is that the
> > > user may have
> > > > > > > bookmarked any one of a number of protected pages,
> > > and it isn't
> > > > > > > practical to put code on each of them.
> > > > > >
> > > > > > Just change the JDBC realm authenticate() method to log
> > > the result of
> > > > > > the authentication.
> > > > > >
> > > > > > Antony
> > > > > >
> > > > >
> > > >
> > >
> >
>
