Hi
You can logout user by simply calling some action with session.invalidate() in it.

You are right - If you use Tomcat's authentication you are not able (and not need) to have an Action for it. However you can do some post login procedures (like putting your user object in session ) by having a Filter or Listener.

Also you might want take a look at SecurityFilter project on SourceForge
http://securityfilter.sourceforge.net/
This is replace for container managed authentication. more flexible I say.


Puneet Lakhina wrote:
On 10/7/06, Wendy Smoak <[EMAIL PROTECTED]> wrote:

On 10/7/06, Puneet Lakhina <[EMAIL PROTECTED]> wrote:
> Hi, I found out that its possible to for me to restrict access to a
> particular action mapping to only a certain set of roles.
> The next thing that I found out about these roles is that this is
something
> I can configure in my web.xml.
> But what I am not able to understand is how do i set a user's role once
he
> logs in. My authentication is based on usernames and passwords in
database
> table. So where do i set a user's role.

It depends on how you are authenticating your users.

Tomcat has Realms you can configure to get the role information from a
database:  http://tomcat.apache.org/tomcat-5.5-doc/config/realm.html

Another option is to add a Filter, wrap the request and override the
isUserInRole method.

--
Wendy

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Ok Now i figured the logging in part out. I post to a special name with
special names for the user name and password fields. (Does that mean i cant
use a struts action for authentication).Now how do i log off a user.  As in
when the user clicks on the logout link.

Im sorry my concepts of container managed security aren't that strong.



--
*************************************
Best Regards
Ilja


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to