Authorization using Servlets

 
Ranch Hand
Posts: 189
Hi everyone

I am making a project in which I want a separate welcome page for a group of users. I know I have to use the "IsUserInRole" concept. But wherever I search I just get a snippet of the XML (<security-role-mapping>).
Can anybody give me a prototype example of how to actually implement it?

Thanks in Advance!!!
 
Saloon Keeper
Posts: 27762
A user can have more than one security role, so that isn't a good key to select a welcome/home page. Also, you should be aware that when the webapp-controlled login processes, it doesn't automatically direct one to a "welcome page", it directs one to whatever page was requested that required the login. Which is actually better if you like to "favorite" secured pages, since it allows the user to go directly to what's needed.

Probably a better way to select a welcome page is to maintain a list (for example, a database table) that associates a user with a particular welcome page (as well as any other general user-specific characteristics you might want). The welcome page could then select content based on a lookup of this information.

As I said, selection of a welcome page is not automatic, so this assumes that either the user has been directed to go to a secured home page or that you have added login-detection logic that will override the normal operation and redirect to a welcome page (at which time you can select which page to redirect to using the above tactic). There is no specific J2EE "login event" that can be listened to, since in cases with Single Signon, login might occur external to the webapp, but the next best thing is to look for changes in the HttpServletRequest getRemoteUser() in a ServletListener.
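
An added sketch of the login-detection approach described in the reply above; it is not part of the original post or code from anyone in this thread. It uses a servlet Filter rather than a listener because the redirect needs the response object, and the class name, session attribute, page paths and the in-memory map standing in for the user-to-welcome-page table are all hypothetical.

```java
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter: redirects to a per-user welcome page the first time a login is seen.
@WebFilter("/*")
public class WelcomeRedirectFilter implements Filter {
    // Hypothetical session attribute: the user name last seen in this session.
    private static final String SEEN_USER = "welcome.seenUser";
    private static final String DEFAULT_PAGE = "/welcome/default.jsp";

    // Stand-in for the user -> welcome page database table (constructed sample rows).
    private final Map<String, String> welcomePages = new ConcurrentHashMap<>();

    @Override
    public void init(FilterConfig config) {
        welcomePages.put("alice", "/welcome/staff.jsp");
        welcomePages.put("bob", "/welcome/customer.jsp");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String user = request.getRemoteUser(); // null until the container has authenticated
        if (user != null) {
            HttpSession session = request.getSession();
            if (!user.equals(session.getAttribute(SEEN_USER))) {
                session.setAttribute(SEEN_USER, user); // remember, so the redirect happens once
                // The target comes only from the server-side table, never from request
                // input, so the redirect cannot be steered to an arbitrary URL.
                String page = welcomePages.getOrDefault(user, DEFAULT_PAGE);
                response.sendRedirect(request.getContextPath() + page);
                return;
            }
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

On the first authenticated request this replaces the container's default behaviour of returning to the originally requested page, which is the override the reply describes.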
 
Tarun Oohri
Ranch Hand
Posts: 189
Thanks Tim for your valuable comments. I have just got a snippet related to programmatic security in web applications. I have never implemented security in my application... The code is as follows:


I am not able to understand its concept fully... The foremost question is how will we assign a particular "username" to its corresponding "role"...

The "IsUserInRole" method is understandable, but where is the information to be stored which can tell that this set of users will have that type of roles?

I hope I am able to put my question clearly... Thanks!!
 
Rancher
Posts: 43081
That depends on the servlet container you're using. For Tomcat, the options are described here: http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html
 
Tarun Oohri
Ranch Hand
Posts: 189

Ulf Dittmer wrote: That depends on the servlet container you're using. For Tomcat, the options are described here: http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html



Thanks Ulf Dittmer ..
 
Tarun Oohri
Ranch Hand
Posts: 189

Tarun Oohri wrote:

Ulf Dittmer wrote: That depends on the servlet container you're using. For Tomcat, the options are described here: http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html



Thanks Ulf Dittmer... but isn't it a tedious task to write all the users in the Tomcat server file? Say, if we have a million users, then we have to do a billion entries in the server file and assign their roles... Any other alternative to this?

 
Tim Holloway
Saloon Keeper
Posts: 27762
A Realm is a plugin component that (usually) references a security role and credential database.

The term "database" here is very abstract, since the actual information may be accessed by just about any mechanism you can think of, including LDAP, web services, data files (such as tomcat-users.xml), and DBMS's.

DBMS's and Active Directory/LDAP are the most common ways, but I've done web service interfaces and even written custom Realm modules of my own.
 