You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Christian Hargraves <CH...@webmiles.com> on 2001/04/25 20:58:15 UTC

RE: JDBCRealm Question--Never Mind..thanks for your help


-----Original Message-----
From: Christian Hargraves [mailto:CHargraves@webmiles.com]
Sent: Wednesday, April 25, 2001 12:47 PM
To: 'tomcat-user@jakarta.apache.org'
Subject: RE: JDBCRealm Question


Thank you very much for your help Jeff.

Can I see the important part of your login.jsp page too? That's the missing
link.
I think if we can get the password, encrypt it, then have JDBCRealm handle
it, it will work.

Thanks a ton for your help.

-----Original Message-----
From: Jeff Kilbride [mailto:jeff@kilbride.com]
Sent: Wednesday, April 25, 2001 12:43 PM
To: tomcat-user@jakarta.apache.org
Subject: Re: JDBCRealm Question


Hi Christian,

Here's an example of my login-config setup to use HTML forms:

------------------------
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Private Authentication Area</realm-name>
    <form-login-config>
        <form-login-page>/login/login.jsp</form-login-page>
        <form-error-page>/login/error.jsp</form-error-page>
    </form-login-config>
</login-config>
------------------------

With this setup, all attempts to access docs in my protected area get
redirected to /login/login.jsp. All login errors go to /login/error.jsp.

I'm not sure about encrypted passwords. You may have to take a look at the
class that implements the JDBCRealm and do some customization -- encrypt the
password before the call is made to the DB. I'm also not sure what session
object it creates.

There's a simple example in the examples.war package that comes with the
distribution. If you have the examples package in your TOMCAT_HOME/webapps
directory, the path to the example is /webapps/examples/jsp/security. The
web.xml entries are in /webapps/examples/WEB-INF/web.xml.

Thanks,
--jeff

----- Original Message -----
From: "Christian Hargraves" <ch...@webmiles.com>
To: <to...@jakarta.apache.org>
Sent: Wednesday, April 25, 2001 8:17 AM
Subject: JDBCRealm Question


> I have read the JDBCRealm.howto file, but I still have a few questions.
>
> in the application's web.xml file there is a login-config tag.
>
> 1) What do I set the login-config tag in the web.xml file to so that it
will
> use JDBCRealm?
> 2) We have encrypted passwords. How would we configure JDBCRealm to
> handle them?
> 3) What session object does JDBCRealm create and what is the name of
session
> object it creates once authenticated.
> 4) Is there an example app out there that uses an HTML form to handle the
> authentication?
>
> Thanks so much for all of your time
>
> Christian
>