
How to handle Security in a Webapp with a JDBCRealm

 
Robert Krieg
Greenhorn
Posts: 9
Hello everybody

I'm reading a lot about webapp security at the moment and I'm trying to implement this the official way with <security-constraint> and Realms and so on.

I have two parts in my Webapp I need to secure

URLPattern:
/command/admin/*
and
/command/client/*

My problem is: Can I use different login pages for these two sections? Something like multiple <login-config>?

Because the login-form for my clients is on the main page of the website. But the login-form for the admins is not there. Or shouldn't be there...

My second problem is:

I have a MySQL table for the clients with fields like "Id, Name, Phone, username, password" (and yet another table for the admin users)

When I've logged in, how do I recognize which user is logged in? Because I need this data like phone number etc. Does the container store the data from the user table in the session or something?...


Greetings Robert
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
If you use the built-in security, then you only get a single login page.

You can find out about the logged-in user through methods in the HttpServletRequest, specifically getRemoteUser, getUserPrincipal and isUserInRole.
 
Robert Krieg
Greenhorn
Posts: 9
Are there any tutorials or best practices on how to handle security without the built-in way? Because this doesn't fit my needs.

Maybe with a Servlet Filter?
 