Getting the remote user would be request.getRemoteUser() ;
I would imagine other fields could be added to the database table, but
the webapp would be responsible for loading the remaining data into a
session or whatever is needed. Tomcat will only offer the username and
an accurate response to request.isUserInRole( "rolename" ) ;
--David
Propes, Barry L wrote:
to add to my question earlier below, would it be something as simple as?
String juser= (String) request.getAttribute("j_username");
Granted I have no idea what the session attribute is under the hood, only know
that j_username is the input name for the user_name.
I was thinking with that info, I could then run a select query to extract the
role_name from an additional joined table to authenticate a step further. Does
what I am explaining make sense? Forgive me if not.
When I say additional table, I mean one in addition to the user_name and
user_roles table that Tomcat requires for the form login security constraint to
work.
-----Original Message-----
From: Propes, Barry L
Sent: Thursday, August 17, 2006 11:13 AM
To: Tomcat Users List
Subject: Security constraint/login form
I realize that in Tomcat (I'm using 4.1.3 and 4.0.1 by the way -- a version on
a prod. server and one ony my desktop) that you can create the simple table
titled users and configure it in the server.xml file and then likewise
configure the web.xml file's security constraint properties.
My question is, can you add other columns to the table and then do a join on
another table as to further enhance security?
If so, what is involved, and how involved is it?
Thanks!
Barry
---------------------------------------------------------------------
To start a new topic, e-mail: [email protected]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: [email protected]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
