Posted to users@tomcat.apache.org by Meder Bakirov <ba...@transfer.kg> on 2002/07/31 12:25:57 UTC

Realm reuse howto!

Hello mighty all!

I just wanted to ask: is it possible to reuse realms in my own jsps or 
servlets?

I have configured form-based authentication, using JDBCRealm. I have a 
login.jsp with necessary fields. After an authorization, can I reuse (e.g. 
call them using getParameter() or by another way) j_username and j_password 
fields in my own index.jsp (or other jsp files)?

Here is what I want to do:

I have a SQL table users with columns (username, password, id). JDBCRealm
checks user in this table. So, when authorization is successful, I want to
get these values (username, password) and use them in my query (SELECT id FROM
users WHERE username='<j_username_value>' AND password='<j_password>') and
show some statistics info for that user, without re-asking him to identify
himself again.

Thank you very much!

Rgrds.


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: Realm reuse howto!

Posted by Ben Walding <be...@walding.com>.
1.  Storing passwords in the database is considered bad form; consider
using a one-way hash like MD5.
2.  Is the user name a unique key?  (I've seen systems that consider
using user / password as the unique key... and it's a feature!)
3.  If the answer to 2 is yes, you can just do request.getRemoteUser()
to retrieve the user (string that was entered) that is logged in (null
if no one is).

Not exactly what you were looking for, but possibly close enough.

Meder Bakirov wrote:

>Hello mighty all!
>
>I just wanted to ask: is it possible to reuse realms in my own jsps or 
>servlets?
>
>I have configured form-based authentication, using JDBCRealm. I have a 
>login.jsp with necessary fields. After an authorization, can I reuse (e.g. 
>call them using getParameter() or by another way) j_username and j_password 
>fields in my own index.jsp (or other jsp files)?
>
>Here is what I want to do:
>
>I have a SQL table users with columns (username, password, id). JDBCRealm
>checks user in this table. So, when authorization is successful, I want to
>get these values (username, password) and use them in my query (SELECT id FROM
>users WHERE username='<j_username_value>' AND password='<j_password>') and
>show some statistics info for that user, without re-asking him to identify
>himself again.
>
>Thank you very much!
>
>Rgrds.
>


Re: Realm reuse howto!

Posted by Meder Bakirov <ba...@transfer.kg>.
Thank you very much! It worked, so now I can make any queries!
Wohoo, Java Rules!

On 31 July 2002 22:27, Craig R. McClanahan wrote:
> On Wed, 31 Jul 2002, Meder Bakirov wrote:
> > Date: Wed, 31 Jul 2002 16:25:57 +0600
> > From: Meder Bakirov <ba...@transfer.kg>
> > Reply-To: Tomcat Users List <to...@jakarta.apache.org>,
> >      bakirov@transfer.kg
> > To: tomcat-user@jakarta.apache.org
> > Subject: Realm reuse howto!
> >
> > Hello mighty all!
> >
> > I just wanted to ask: is it possible to reuse realms in my own jsps or
> > servlets?
> >
> > I have configured form-based authentication, using JDBCRealm. I have a
> > login.jsp with necessary fields. After an authorization, can I reuse
> > (e.g. call them using getParameter() or by another way) j_username and
> > j_password fields in my own index.jsp (or other jsp files)?
> >
> > Here is what I want to do:
> >
> > I have a SQL table users with columns (username, password, id). JDBCRealm
> > checks user in this table. So, when authorization is successful, I want
> > to get these values (username, password) and use them in my query (SELECT
> > id FROM users WHERE username='<j_username_value>' AND
> > password='<j_password>') and show some statistics info for that user,
> > without re-asking him to identify himself again.
> >
> > Thank you very much!
>
> Once a user has been authenticated (by requesting a protected URL), you
> can call request.getRemoteUser() to get the username.  The password isn't
> visible, however -- but you really shouldn't be building queries based on
> it anyway.
>
> > Rgrds.
>
> Craig




Re: Realm reuse howto!

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Wed, 31 Jul 2002, Meder Bakirov wrote:

> Date: Wed, 31 Jul 2002 16:25:57 +0600
> From: Meder Bakirov <ba...@transfer.kg>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>,
>      bakirov@transfer.kg
> To: tomcat-user@jakarta.apache.org
> Subject: Realm reuse howto!
>
> Hello mighty all!
>
> I just wanted to ask: is it possible to reuse realms in my own jsps or
> servlets?
>
> I have configured form-based authentication, using JDBCRealm. I have a
> login.jsp with necessary fields. After an authorization, can I reuse (e.g.
> call them using getParameter() or by another way) j_username and j_password
> fields in my own index.jsp (or other jsp files)?
>
> Here is what I want to do:
>
> I have a SQL table users with columns (username, password, id). JDBCRealm
> checks user in this table. So, when authorization is successful, I want to
> get these values (username, password) and use them in my query (SELECT id FROM
> users WHERE username='<j_username_value>' AND password='<j_password>') and
> show some statistics info for that user, without re-asking him to identify
> himself again.
>
> Thank you very much!
>

Once a user has been authenticated (by requesting a protected URL), you
can call request.getRemoteUser() to get the username.  The password isn't
visible, however -- but you really shouldn't be building queries based on
it anyway.

> Rgrds.

Craig
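
An added example, not code from any poster in this thread, of the approach the replies describe: take the name from request.getRemoteUser() and look up the id with a parameterized query keyed on username alone. The servlet class name and the JNDI DataSource name are assumptions, and the javax.servlet imports match Tomcat 9 and earlier (Tomcat 10 and later use jakarta.servlet).

```java
import java.io.IOException;
import java.sql.*;
import javax.naming.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import javax.sql.DataSource;

// Hypothetical servlet; map it under a URL covered by the security-constraint.
public class UserStatsServlet extends HttpServlet {
    private DataSource ds;

    @Override
    public void init() throws ServletException {
        try {
            // Assumed JNDI name; point it at the database JDBCRealm uses.
            ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/UsersDB");
        } catch (NamingException e) {
            throw new ServletException("DataSource lookup failed", e);
        }
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Set by the container after form login; null if nobody is logged in.
        String user = req.getRemoteUser();
        if (user == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Username only, bound as a parameter: no password, no string concatenation.
        String sql = "SELECT id FROM users WHERE username = ?";
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    // Authenticated by the realm but absent from this table.
                    resp.sendError(HttpServletResponse.SC_FORBIDDEN);
                    return;
                }
                resp.setContentType("text/plain");
                // The thread does not give the column type, so read it as a string.
                resp.getWriter().println("user id: " + rs.getString("id"));
            }
        } catch (SQLException e) {
            throw new ServletException("User lookup failed", e);
        }
    }
}
```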


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>