tomcat-users.xml login

Currently I am using tomcat-users.xml and also enabled SSL for login on my local test computer. I can login and logout without problem using a form.

Is there a way to get the tomcat user name which I used to login and display it on the page (ex. something like "Welcome, user")? Also, how can I show a "Logout" link only when a user is logged in using this method?

In a week or two I hope to make a login system using a database instead of the tomcat-users.xml file.

Thanks in advanced.

Is there a way to get the tomcat user name which I used to login and display it on the page (ex. something like "Welcome, user")?

The HttpServletRequest.getRemoteUser method gives you that information.

Also, how can I show a "Logout" link only when a user is logged in using this method?

Once you have established that valid credentials have been passed (e.g., by checking that the above-mentioned method returns a valid user name), you can set a boolean request attribute, which the JSP page can check and act on accordingly.

Thanks for the info, Ulf. I will give that a try.

I added these codes to my header include but for some reason the "Logout" link shows up all the time. Any idea?

I tried the codes below too but doesn't work also:

[ April 08, 2007: Message edited by: Wilson Gordon ]

What's being returned from the remote user method?

Just my opinion, but if you're going to be replacing the builtin login with your own database-driven system, I'd not waste too much more time on this. You could have your own system up and running in no time flat.

${pageContext.request.remoteUser} does return the correct user name I used to log in.

BTW, is there a good tutorial out there about building my own login system?
[ April 08, 2007: Message edited by: Wilson Gordon ]

I'm talking about when you expect it to be empty...

Building your own is fairly simple. Store the username and password (as a one-way hash) in the DB. When the user logs in, hash the entered password and compare it to the stored value. If authentication succeeds, place information in the session stating so. This could be as simple as the user's name, or a more complicated structure with such information as the user's roles and allowed permissions within the application.

A servlet filter can be set up to check for this session "token". Should it not exist, a redirect to the login page prevents the access to the interior of the web app when not logged in.

A logout or session timeout removes the session token.

Ben Souther set up a simple example: http://simple.souther.us/not-so-simple.html (near bottom of page).
[ April 08, 2007: Message edited by: Bear Bibeault ]

When I am not logged in,

returns this:

---
Thanks for the info about the login system.

You can check for that by something like

<c:if test="${empty pageContext.request.remoteUser}">
...
</c:if>