Re: single login form for single sign on

[Kevin Fonner <ke...@fonner.net>]

I am new to servlets and Tomcat and I was looking at how to authenticate
users with my webapps.  Is this JDBCRealm the best way to do this or is
there a better way anybody suggest.  If so where can I get info and samples
on this.

Thanks in advance,
Kevin

----- Original Message -----
From: "Craig R. McClanahan" <cr...@apache.org>
To: <to...@jakarta.apache.org>
Sent: Tuesday, May 01, 2001 1:36 AM
Subject: Re: single login form for single sign on


>
>
> On Thu, 22 Mar 2001, Manish wrote:
>
> > Also can someone explain me when my authentication is successful using
> > JDBCRealm , how do I get the role information, cause only two attributes
> > are set for the session (username and password). Do I have to go back in
> > the roles table to get the role info or they are stored in someway in
> > the session.
> >
>
> This answer is late, but I'm assuming "better late than never" ...
>
> If a user has been successfully authenticated, then you can access role
> information in one of two ways:
>
> * You can define a security constraint that requires a certain role
>   before the request URI will be processed for this user.  If the user
>   tries to access a prohibited page, they will receive a 501 error
>   ("forbidden").
>
> * You can programmatically ask if the currently authenticated user
>   has a certain role by saying something like:
>
>     if (request.isUserInRole("manager")) {
>       ... this user is a manager ...
>     }
>
> The JDBCRealm implementation takes care of reading the required
> information from the roles table in the database for you.  There is
> nothing your application needs to worry about for this.
>
> > TIA
> >
> > --
> > Manish Poddar
> > Paycom.net
> > 310-827-5880 x 327
> > 818-415-7447 (m)
> >
> >
>
> Craig McClanahan
>
>