Posted to users@tomcat.apache.org by is_maximum <mn...@gmail.com> on 2007/07/02 08:45:50 UTC

a question about user authentication

Hi experts

I am using Tomcat 5.5, the Struts framework and Security Filter.
In order to authenticate users, like the others, I am using the
j_security_check action.
But my problem is that I have a field in my user table, namely status, which
represents whether the user is available or deleted by the administrator.

The problem is that even if the user is deleted, Tomcat will authenticate and
let that user sign in. How can I put a condition like "where status = 0" to
prevent the other users from being signed in?

In Security Filter we only specify field names of the table as follows:

<realm-param name="userNameCol" value="userName" />
<realm-param name="userCredCol" value="password" />



any comment would be of a great help

thanks
-- 
View this message in context: http://www.nabble.com/a-question-about-user-athentication-tf4010274.html#a11388743
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: a question about user authentication

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: is_maximum [mailto:mnrz57@gmail.com] 
> Subject: Re: a question about user authentication
> 
> I mean is there any way to specialize this authentication 
> method for one application and for the others it remains
> as its default

Read the doc:
http://tomcat.apache.org/tomcat-5.5-doc/config/realm.html

"You may nest a Realm inside any Catalina container (Engine, Host, or
Context). In addition, Realms associated with an Engine or a Host are
automatically inherited by lower-level containers, unless explicitly
overridden."

 - Chuck




Re: a question about user authentication

Posted by is_maximum <mn...@gmail.com>.


Pid-2 wrote:
> 
> Have a look at JDBCRealm (or DataSourceRealm) in the Tomcat source.
> You could alter the SQL statement for password or username so it fails 
> when '... status = 0'.
> 
> Upload a jar with your new realm in it to server/lib and configure the 
> realm as a replacement for the one in your server.xml.
> 
> p
> 
> 

Thanks, but what if I have more than one project deployed on my Tomcat?
I mean, is there any way to specialize this authentication method for one
application while for the others it remains the default?




Re: a question about user authentication

Posted by Pid <p...@pidster.com>.
is_maximum wrote:
> Hi experts
> 
> I am using Tomcat 5.5, the Struts framework and Security Filter.
> In order to authenticate users, like the others, I am using the
> j_security_check action.
> But my problem is that I have a field in my user table, namely status, which
> represents whether the user is available or deleted by the administrator.
> 
> The problem is that even if the user is deleted, Tomcat will authenticate and
> let that user sign in. How can I put a condition like "where status = 0" to
> prevent the other users from being signed in?
> 
> In Security Filter we only specify field names of the table as follows:
> 
> <realm-param name="userNameCol" value="userName" />
> <realm-param name="userCredCol" value="password" />

Have a look at JDBCRealm (or DataSourceRealm) in the Tomcat source.
You could alter the SQL statement for password or username so it fails 
when '... status = 0'.

Upload a jar with your new realm in it to server/lib and configure the 
realm as a replacement for the one in your server.xml.

p



> any comment would be of a great help
> 
> thanks


RE: a question about user authentication

Posted by is_maximum <mn...@gmail.com>.
Thank you all for replying.

I wanted to prevent the users who were already deleted from logging in.

I resolved my problem by extending a class from JDBCRealm and overriding the
getConnection() method (I'm not sure about the method name) and putting in my
"select" statement with my favorite where clause
"where status = 0 and username = ?",
and in security-filter.xml I declared my class instead of Tomcat's JDBCRealm.

Thank you again.

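
One way to do what the thread describes, as an added example that is not code from any poster or from Tomcat: a JDBCRealm subclass whose credential lookup also requires the status column to mark the account as active. It assumes the protected `credentials(Connection, String)` method and the protected fields of Tomcat 5.5's JDBCRealm (check the source of the version in use); the package and class names are hypothetical, and the `status = 0` convention is taken from the question.

```java
package com.example.realm; // hypothetical package name

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Types;

import org.apache.catalina.realm.JDBCRealm;

/**
 * JDBCRealm variant that only returns credentials for rows whose status
 * column marks the account as active. A deleted user yields no credential
 * row, so authentication fails the same way it does for an unknown name.
 */
public class ActiveUserJDBCRealm extends JDBCRealm {

    // Assumed column name and "active" value, as used in the question.
    private static final String STATUS_COL = "status";
    private static final int ACTIVE = 0;

    // Replaces the parent's "SELECT cred FROM table WHERE name = ?" lookup.
    protected PreparedStatement credentials(Connection dbConnection,
                                            String username)
            throws SQLException {
        if (preparedCredentials == null) {
            // Table and column names come from the realm configuration,
            // never from the request; user input is bound as a parameter.
            String sql = "SELECT " + userCredCol
                    + " FROM " + userTable
                    + " WHERE " + userNameCol + " = ?"
                    + " AND " + STATUS_COL + " = ?";
            preparedCredentials = dbConnection.prepareStatement(sql);
        }
        if (username == null) {
            preparedCredentials.setNull(1, Types.VARCHAR);
        } else {
            preparedCredentials.setString(1, username);
        }
        preparedCredentials.setInt(2, ACTIVE);
        return preparedCredentials;
    }
}
```

The check runs only at login, so a session that was already open when the administrator deleted the user stays valid until it expires or is invalidated. Declared as the Realm nested in one application's Context, the class applies to that application only, as the documentation quoted earlier in the thread says.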