You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Meder Bakirov <ba...@transfer.kg> on 2002/07/31 12:25:57 UTC
Realm reuse howto!
Hello mighty all!
I just wanted to ask: is it possible to reuse realms in my own jsps or
servlets?
I have configured form-based authentication, using JDBCRealm. I have a
login.jsp with necessary fields. After an authorization, can I reuse (e.g.
call them using getParameter() or by another way) j_username and j_password
fields in my own index.jsp (or other jsp files)?
Here is, what I want to do:
I have a SQL table users with columns (username, password, id). JDBCRealm
checks user in this table. So, when authorization is succesfull, I want to
get these values(username, password) and use them in my query (SELECT id FROM
users WHERE username='<j_username_value>' AND password='<j_password>') and
show some statistics info for that user, without reasking him to identify
himself again.
Thank you very much!
Rgrds.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Realm reuse howto!
Posted by Ben Walding <be...@walding.com>.
1. Storing passwords in the database is considered bad form, consider
using a one way hash like MD5.
2. Is the user name a unique key? (I've seen systems that consider
using user / password as the unique key... and it's a feature!)
3. If the answer to 2 is yes, you can just do request.getRemoteUser()
to retrieve the user (string that was entered) that is logged in (null
if no-one is).
Not exactly what you were looking for, but possibly close enough.
Meder Bakirov wrote:
>Hello mighty all!
>
>I just wanted to ask: is it possible to reuse realms in my own jsps or
>servlets?
>
>I have configured form-based authentication, using JDBCRealm. I have a
>login.jsp with necessary fields. After an authorization, can I reuse (e.g.
>call them using getParameter() or by another way) j_username and j_password
>fields in my own index.jsp (or other jsp files)?
>
>Here is, what I want to do:
>
>I have a SQL table users with columns (username, password, id). JDBCRealm
>checks user in this table. So, when authorization is succesfull, I want to
>get these values(username, password) and use them in my query (SELECT id FROM
>users WHERE username='<j_username_value>' AND password='<j_password>') and
>show some statistics info for that user, without reasking him to identify
>himself again.
>
>Thank you very much!
>
>Rgrds.
>
>
>--
>To unsubscribe, e-mail: <ma...@jakarta.apache.org>
>For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Realm reuse howto!
Posted by Meder Bakirov <ba...@transfer.kg>.
Thank you very much! It worked, so now can make any queries!
Wohoo, Java Rules!
В письме от 31 Июль 2002 22:27 Craig R. McClanahan написал(а):
> On Wed, 31 Jul 2002, Meder Bakirov wrote:
> > Date: Wed, 31 Jul 2002 16:25:57 +0600
> > From: Meder Bakirov <ba...@transfer.kg>
> > Reply-To: Tomcat Users List <to...@jakarta.apache.org>,
> > bakirov@transfer.kg
> > To: tomcat-user@jakarta.apache.org
> > Subject: Realm reuse howto!
> >
> > Hello mighty all!
> >
> > I just wanted to ask: is it possible to reuse realms in my own jsps or
> > servlets?
> >
> > I have configured form-based authentication, using JDBCRealm. I have a
> > login.jsp with necessary fields. After an authorization, can I reuse
> > (e.g. call them using getParameter() or by another way) j_username and
> > j_password fields in my own index.jsp (or other jsp files)?
> >
> > Here is, what I want to do:
> >
> > I have a SQL table users with columns (username, password, id). JDBCRealm
> > checks user in this table. So, when authorization is succesfull, I want
> > to get these values(username, password) and use them in my query (SELECT
> > id FROM users WHERE username='<j_username_value>' AND
> > password='<j_password>') and show some statistics info for that user,
> > without reasking him to identify himself again.
> >
> > Thank you very much!
>
> Once a user has been authenticated (by requesting a protected URL), you
> can call request.getRemoteUser() to get the username. The password isn't
> visible, however -- but you really shouldn't be building queries based on
> it anyway.
>
> > Rgrds.
>
> Craig
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Realm reuse howto!
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Wed, 31 Jul 2002, Meder Bakirov wrote:
> Date: Wed, 31 Jul 2002 16:25:57 +0600
> From: Meder Bakirov <ba...@transfer.kg>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>,
> bakirov@transfer.kg
> To: tomcat-user@jakarta.apache.org
> Subject: Realm reuse howto!
>
> Hello mighty all!
>
> I just wanted to ask: is it possible to reuse realms in my own jsps or
> servlets?
>
> I have configured form-based authentication, using JDBCRealm. I have a
> login.jsp with necessary fields. After an authorization, can I reuse (e.g.
> call them using getParameter() or by another way) j_username and j_password
> fields in my own index.jsp (or other jsp files)?
>
> Here is, what I want to do:
>
> I have a SQL table users with columns (username, password, id). JDBCRealm
> checks user in this table. So, when authorization is succesfull, I want to
> get these values(username, password) and use them in my query (SELECT id FROM
> users WHERE username='<j_username_value>' AND password='<j_password>') and
> show some statistics info for that user, without reasking him to identify
> himself again.
>
> Thank you very much!
>
Once a user has been authenticated (by requesting a protected URL), you
can call request.getRemoteUser() to get the username. The password isn't
visible, however -- but you really shouldn't be building queries based on
it anyway.
> Rgrds.
Craig
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>