
How to handle Security in a Webapp with a JDBCRealm

Robert Krieg
Greenhorn

Joined: Aug 27, 2008
Posts: 9
Hello everybody

I'm reading a lot about webapp security at the moment, and I'm trying to implement this the official way with <security-constraint> and Realms and so on.

I have two parts in my webapp that I need to secure:

URLPattern:
/command/admin/*
and
/command/client/*

My problem is: can I use different login pages for these two sections? Something like multiple <login-config>?

Because the login form for my clients is on the main page of the website. But the login form for the admins is not there. Or shouldn't be there...

My second problem is:

I have a MySQL table for the clients with fields like "Id, Name, Phone, username, password" (and yet another table for the admin users).

When I've logged in, how do I recognize which user is logged in? Because I need this data, like the phone number etc. Does the container store the data from the user table in the session or something?


Greetings Robert
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41045
If you use the built-in security, then you only get a single login page.

You can find out about the logged-in user through methods in the HttpServletRequest, specifically getRemoteUser, getUserPrincipal and isUserInRole.


Ping & DNS - my free Android networking tools app
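
What the answer above means for the second question, as an added example that is not part of the thread: through the servlet API the container exposes only the authenticated name and roles, so the application loads the rest of the row itself, keyed on `getRemoteUser()`. The role name `client`, the table name `clients`, the JNDI name `jdbc/webappDB` and the JSP path are assumptions; the column names come from the first post.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

// Mapped under /command/client/*, which a <security-constraint> already protects.
public class ClientProfileServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Set by the container after a successful login; null if unauthenticated.
        String username = req.getRemoteUser();
        // Defence in depth: re-check even though the constraint should enforce it.
        if (username == null || !req.isUserInRole("client")) { // role name assumed
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // The realm only authenticates; other columns are loaded by the application.
        String sql = "SELECT Name, Phone FROM clients WHERE username = ?"; // table assumed
        try {
            DataSource ds = (DataSource) new InitialContext()
                    .lookup("java:comp/env/jdbc/webappDB"); // JNDI name assumed
            try (Connection con = ds.getConnection();
                 PreparedStatement ps = con.prepareStatement(sql)) {
                ps.setString(1, username); // bound parameter, never concatenated
                try (ResultSet rs = ps.executeQuery()) {
                    if (!rs.next()) {
                        resp.sendError(HttpServletResponse.SC_NOT_FOUND);
                        return;
                    }
                    // Expose only what the page needs; the password column is never read.
                    req.setAttribute("clientName", rs.getString("Name"));
                    req.setAttribute("clientPhone", rs.getString("Phone"));
                }
            }
        } catch (NamingException | SQLException e) {
            throw new ServletException("client lookup failed", e);
        }
        req.getRequestDispatcher("/WEB-INF/client/profile.jsp").forward(req, resp); // path assumed
    }
}
```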
Robert Krieg
Greenhorn

Joined: Aug 27, 2008
Posts: 9
Are there any tutorials or best practices on how to handle security without the built-in way? Because this doesn't fit my needs.

Maybe with a servlet filter?
 