You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Martin O'Shea <ap...@dsl.pipex.com> on 2011/08/23 11:48:08 UTC

Logging in options in Tomcat 6.0.26

Hello

 

I wonder if anyone can advise? I am using Tomcat 6.0.26 in an application
with a MySQL 5.* back end database. 

 

Currently my users' username and userrole details are stored in the User
table of the database. 

 

At the moment though, there is no actual logging in facility in the
application. What I want is for users to be able to log in only when they
have to create content, and then for the login facility to be embedded in
the relevant pages, e.g. if a user posts a comment, they log in and then
return to the comment posting page. 

 

I can do this using my own look-up process to check a user's name and
password, but can this be done through the j_username and j_password
combination as part of Tomcat's:

 

<form method = "POST" action='<%= response.encodeURL("j_security_check") %>'
> 

 

Process? I do not want the application in question to be accessible only
through a log in page. 

 

There is no secure information held in the database and the users' passwords
are encrypted using MD5.

 

Thanks

 

Martin.

Re: Logging in options in Tomcat 6.0.26

Posted by Pid <pi...@pidster.com>.

On 23/08/2011 10:48, Martin O'Shea wrote:
> Hello
> 
> I wonder if anyone can advise? I am using Tomcat 6.0.26 in an application
> with a MySQL 5.* back end database. 
> 
> Currently my users' username and userrole details are stored in the User
> table of the database. 
> 
> At the moment though, there is no actual logging in facility in the
> application. What I want is for users to be able to log in only when they
> have to create content, and then for the login facility to be embedded in
> the relevant pages, e.g. if a user posts a comment, they log in and then
> return to the comment posting page. 
> 
> I can do this using my own look-up process to check a user's name and
> password, but can this be done through the j_username and j_password
> combination as part of Tomcat's:
> 
> <form method = "POST" action='<%= response.encodeURL("j_security_check") %>'
> 
> Process? I do not want the application in question to be accessible only
> through a log in page. 
> 
> There is no secure information held in the database and the users' passwords
> are encrypted using MD5.


Tomcat applies auth by checking the URL of the request.  So if you put
the comment form URL inside an area requiring auth, you'll get the
result you want.  It's up to you to handle the comment form redirection.

If you configure FORM auth with the following URL secured:

 /account/*

you could make:

 /account/add_comment

the URl for, well, adding a comment.

Tomcat will then ask a user to login before they can submit to the form.


p