That's one way of doing it, but what if you want to use container-provided auth, and methods like isUserInRole getUserPrincipal etc....
And Rick, this relates to your other question about FORM AUTH and session timeout. I'm fairly certain that if you expire your session, then you are no longer authenticated. For sure it works that way with BASIC. Have you tried already, and you know it doesn't work the same for FORM? If it works as expected, then (Michael M) what you might consider is on the servlet that 'upgrades' the user from trial to 'not trial' invalidate the session, and redirect to a protected page. This would make the container authenticate the user again, meaning the user would need to login again, but at least they would be kicked out of their old role. > -----Original Message----- > From: Rick Roberts [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 10, 2003 9:00 AM > To: Tomcat Users List > Subject: Re: How to make Tomcat reread user's role from database > > > Assuming I understand your problem: > > You may want to try populating a session object from the > database and then > update that session object when the user changes his role > info. Then use the > session object to make decisions, rather than need to re-read > the database each > time. > > > Michael Mattox wrote: > > My website uses a subscription based service, and we're > using WorldPay > > (similar to PayPal I believe) to handle the credit card > billing. I've > > defined roles for each of the subscription levels: > > > > trial > > trial_expired > > bronze > > silver > > gold > > > > The problem is when a trial user registers, they become > > bronze/silver/gold but until they logout and log back in, Tomcat > > thinks they're in the old role. Is it possible to make > Tomcat reread > > the user's role from the database? If not, is there a way > to log the > > user out so they'll have to log back in again? I'm curious > how others > > are handling this, it seems like it'd be a common problem. > > > > Thanks, > > Michael > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > -- > ******************************************* > * Rick Roberts * > * Advanced Information Technologies, Inc. * > ******************************************* > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
