You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Kevin Fonner <ke...@fonner.net> on 2001/05/01 20:38:20 UTC
Re: single login form for single sign on
I am new to servlets and Tomcat and I was looking at how to authenticate
users with my webapps. Is this JDBCRealm the best way to do this or is
there a better way anybody suggest. If so where can I get info and samples
on this.
Thanks in advance,
Kevin
----- Original Message -----
From: "Craig R. McClanahan" <cr...@apache.org>
To: <to...@jakarta.apache.org>
Sent: Tuesday, May 01, 2001 1:36 AM
Subject: Re: single login form for single sign on
>
>
> On Thu, 22 Mar 2001, Manish wrote:
>
> > Also can someone explain me when my authentication is successful using
> > JDBCRealm , how do I get the role information, cause only two attributes
> > are set for the session (username and password). Do I have to go back in
> > the roles table to get the role info or they are stored in someway in
> > the session.
> >
>
> This answer is late, but I'm assuming "better late than never" ...
>
> If a user has been successfully authenticated, then you can access role
> information in one of two ways:
>
> * You can define a security constraint that requires a certain role
> before the request URI will be processed for this user. If the user
> tries to access a prohibited page, they will receive a 501 error
> ("forbidden").
>
> * You can programmatically ask if the currently authenticated user
> has a certain role by saying something like:
>
> if (request.isUserInRole("manager")) {
> ... this user is a manager ...
> }
>
> The JDBCRealm implementation takes care of reading the required
> information from the roles table in the database for you. There is
> nothing your application needs to worry about for this.
>
> > TIA
> >
> > --
> > Manish Poddar
> > Paycom.net
> > 310-827-5880 x 327
> > 818-415-7447 (m)
> >
> >
>
> Craig McClanahan
>
>