you can do this one of 2 ways 1)create a bunch of tables which have entities defined like users and roles and such this way you can look up the user which has a specific 'role' or user is defined within a group which has certain 'role' this solution is probably the closest to your current effort.. 2)Look at a security management package such as jetspeed which will define your roles define groups define users then..define which role (capabilities) do the groups and or users support Take a look at http://portals.apache.org/jetspeed-2/getting-started.html Pay close attention to how to configure Jetspeed as a servlet engine HTH, Martin-- ----- Original Message ----- From: "Rapthor" <[EMAIL PROTECTED]> To: <users@tomcat.apache.org> Sent: Wednesday, March 29, 2006 3:06 PM Subject: Re: Get JDBCRealm's current user
> > Sorry, here's what I do: > > I have a web application and used Tomcat's Authentication mechanism called > JDBCRealm. I had to edit server.xml to do so (this is not really the details > I entered, it's just an example): > > <Realm className="org.apache.catalina.realm.JDBCRealm" > driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver" > connectionURL="jdbc:microsoft:sqlserver://kebab.ucsd.edu:1433" > connectionName="CSE135_XX" connectionPassword="XXXXXXXX" > userTable="users" userNameCol="user_name" userCredCol="user_pass" > userRoleTable="user_roles" roleNameCol="role_name" /> > > Then I created the according tables: > > create table users > ( > user_name varchar(15) not null primary key, > user_pass varchar(15) not null > ); > > create table user_roles > ( > user_name varchar(15) not null, > role_name varchar(15) not null, > primary key( user_name, role_name ) > ); > > There is a user admin in the table "users" with "admin_role" (in the table > user_roles). There are other users with other names and other roles. > > The web.xml got these additional entries: > > <security-constraint> > <web-resource-collection> > <web-resource-name>SecurePages</web-resource-name> > <description>Security constraint /secure</description> > <url-pattern>/secure/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/login.jsp</form-login-page> > <form-error-page>/loginerror.jsp</form-error-page> > </form-login-config> > </login-config> > <security-role> > <role-name>admin</role-name> > </security-role> > > > This is everything (or at least the most important things) I had to do to > configure everything. Now what I want to know is, which user is logged in at > a certain moment ... I want to know it when I create JSPs for example to > show the user's name (equal to the name in the users table). > > Do you know what I meant to achieve? I don't want to get the database's > user, which would be "CSE135_XX" in the above JDBCRealm example ... > -- > View this message in context: > http://www.nabble.com/Get-JDBCRealm%27s-current-user-t1341315.html#a3657607 > Sent from the Tomcat - User forum at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
