is_maximum wrote:
Hi expertsI am using Tomcat 5.5 and struts framework and security filter in order to authenticate users like the others I am using j_security_checkaction but my problem is that I have a field in my user table namely status whichrepresent whether the user is available or deleted by administrator the problem is even if it is deleted the tomcat will authenticate and let that user to sign in, how can I put a condition like "where status = 0" to prevent the other users to be signed in? in secirity filter we only specify field names of the table as follows: <realm-param name="userNameCol" value="userName" /> <realm-param name="userCredCol" value="password" />
Have a look at JDBCRealm (or DatasourceRealm) in the Tomcat Source.You could alter the SQL statement for password or username so it fails when '... status = 0'.
Upload a jar with your new realm in it to server/lib and configure the realm as a replacement for the one in your server.xml.
p
any comment would be of a great help thanks
smime.p7s
Description: S/MIME Cryptographic Signature
