You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by martin <ma...@cht.com.tw> on 2003/05/30 05:21:53 UTC
A Question about Realm
Dear all.
I am from taiwan,I have some questions in using tomcat.
I have configured a realm to protect a web application and set it's web.xml like below.
I using a Form(auth.jsp) to authenticate users.I have two questions.
1. What the contents of auth.jsp should be ? What 's the values of action and input's name shoud be ?
<form name="authForm" method="post" action="??">
<input type="text" value="username" /> =>is this right ?
<input type="password" value="password" /> =>is this right ?
</form>
2. After the user is authenticated, how can I get the user's username,password,and role in other pages ?
It's my first time to ask question here, and please exceuse my poor English.
Thanks a lot.
--------
piece of web.xml file
<security-constraint>
<web-resource-collection>
<web-resource-name>Apress Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>apressuser</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/auth.jsp</form-login-page>
<form-error-page>/err.htm</form-error-page>
</form-login-config>
<realm-name>Apress Application</realm-name>
</login-config>
Re: A Question about Realm
Posted by Bill Barker <wb...@wilshire.com>.
1) Assuming that auth.jsp is configured as your login-page:
<form name="authForm" method="post" action="j_security_check">
<input type="text" value="j_username" />
<input type="password" value="j_password" />
</form>
2) You can't (portably) get the password. If you have a way to look it up
from the userName, then use that. You can get the username from
'request.getRemoteUser()', and can test roles with
'request.isUserInRole(role)'. You can also look at
'request.getUserPrincipal()'.
"martin" <ma...@cht.com.tw> wrote in message
news:00b501c3265a$9e1d0540$8e1f900a@martinp42800...
Dear all.
I am from taiwan,I have some questions in using tomcat.
I have configured a realm to protect a web application and set it's web.xml
like below.
I using a Form(auth.jsp) to authenticate users.I have two questions.
1. What the contents of auth.jsp should be ? What 's the values of action
and input's name shoud be ?
<form name="authForm" method="post" action="??">
<input type="text" value="username" /> =>is this right ?
<input type="password" value="password" /> =>is this right ?
</form>
2. After the user is authenticated, how can I get the user's
username,password,and role in other pages ?
It's my first time to ask question here, and please exceuse my poor English.
Thanks a lot.
--------
piece of web.xml file
<security-constraint>
<web-resource-collection>
<web-resource-name>Apress Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>apressuser</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/auth.jsp</form-login-page>
<form-error-page>/err.htm</form-error-page>
</form-login-config>
<realm-name>Apress Application</realm-name>
</login-config>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org