aspose file tools*
The moose likes JSP and the fly likes tomcat-users.xml login Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "tomcat-users.xml login" Watch "tomcat-users.xml login" New topic
Author

tomcat-users.xml login

Wilson Gordon
Ranch Hand

Joined: Apr 07, 2007
Posts: 89
Currently I am using tomcat-users.xml and also enabled SSL for login on my local test computer. I can login and logout without problem using a form.

Is there a way to get the tomcat user name which I used to login and display it on the page (ex. something like "Welcome, user")? Also, how can I show a "Logout" link only when a user is logged in using this method?

In a week or two I hope to make a login system using a database instead of the tomcat-users.xml file.

Thanks in advanced.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42282
    
  64
Is there a way to get the tomcat user name which I used to login and display it on the page (ex. something like "Welcome, user")?


The HttpServletRequest.getRemoteUser method gives you that information.

Also, how can I show a "Logout" link only when a user is logged in using this method?


Once you have established that valid credentials have been passed (e.g., by checking that the above-mentioned method returns a valid user name), you can set a boolean request attribute, which the JSP page can check and act on accordingly.


Ping & DNS - my free Android networking tools app
Wilson Gordon
Ranch Hand

Joined: Apr 07, 2007
Posts: 89
Thanks for the info, Ulf. I will give that a try.
Wilson Gordon
Ranch Hand

Joined: Apr 07, 2007
Posts: 89
I added these codes to my header include but for some reason the "Logout" link shows up all the time. Any idea?

I tried the codes below too but doesn't work also:


[ April 08, 2007: Message edited by: Wilson Gordon ]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61429
    
  67

What's being returned from the remote user method?

Just my opinion, but if you're going to be replacing the builtin login with your own database-driven system, I'd not waste too much more time on this. You could have your own system up and running in no time flat.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Wilson Gordon
Ranch Hand

Joined: Apr 07, 2007
Posts: 89
${pageContext.request.remoteUser} does return the correct user name I used to log in.

BTW, is there a good tutorial out there about building my own login system?
[ April 08, 2007: Message edited by: Wilson Gordon ]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61429
    
  67

I'm talking about when you expect it to be empty...

Building your own is fairly simple. Store the username and password (as a one-way hash) in the DB. When the user logs in, hash the entered password and compare it to the stored value. If authentication succeeds, place information in the session stating so. This could be as simple as the user's name, or a more complicated structure with such information as the user's roles and allowed permissions within the application.

A servlet filter can be set up to check for this session "token". Should it not exist, a redirect to the login page prevents the access to the interior of the web app when not logged in.

A logout or session timeout removes the session token.

Ben Souther set up a simple example: http://simple.souther.us/not-so-simple.html (near bottom of page).
[ April 08, 2007: Message edited by: Bear Bibeault ]
Wilson Gordon
Ranch Hand

Joined: Apr 07, 2007
Posts: 89
When I am not logged in,



returns this:



---
Thanks for the info about the login system.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42282
    
  64
You can check for that by something like

<c:if test="${empty pageContext.request.remoteUser}">
...
</c:if>
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: tomcat-users.xml login