I am making a project in which I want a separate welcome page for groups of users. I know I have to use the "IsUserInRole" concept. But wherever I search I just get a snippet of the XML (<security-role-mapping>).
Can anybody give me a prototype example of how to actually implement it?
A user can have more than one security role, so that isn't a good key to select a welcome/home page. Also, you should be aware that when the webapp-controlled login processes, it doesn't automatically direct one to a "welcome page", it directs one to whatever page was requested that required the login. Which is actually better if you like to "favorite" secured pages, since it allows the user to go directly to what's needed.
Probably a better way to select a welcome page is to maintain a list (for example, a database table) that associates a user with a particular welcome page (as well as any other general user-specific characteristics you might want). The welcome page could then select content based on a lookup of this information.
As I said, selection of a welcome page is not automatic, so this assumes that either the user has been directed to go to a secured home page or that you have added login-detection logic that will override the normal operation and redirect to a welcome page (at which time you can select which page to redirect to using the above tactic). There is no specific J2EE "login event" that can be listened to, since in cases with Single Signon, login might occur external to the webapp, but the next best thing is to look for changes in the HttpServletRequest getRemoteUser() in a ServletListener.
Customer surveys are for companies who didn't pay proper attention to begin with.
Thanks Tim for your valuable comments. I have just got a snippet related to programmatic security in web applications. I have never implemented security in my application. The code is as follows:
I am not able to understand its concept fully. The foremost question is how we will assign a particular "username" to its corresponding "role".
The "IsUserInRole" method is understandable, but where is the information to be stored which can tell that this set of users will have that type of roles?
I hope I am able to put my question clearly. Thanks!
Thanks Ulf Dittmer, but isn't it a tedious task to write all the users in the Tomcat server file? Say, if we have a million users, then we have to make a billion entries in the server file and assign their roles. Is there any other alternative to this?
A Realm is a plugin component that (usually) references a security role and credential database.
The term "database" here is very abstract, since the actual information may be accessed by just about any mechanism you can think of, including LDAP, web services, data files (such as tomcat-users.xml), and DBMS's.
DBMS's and Active Directory/LDAP are the most common ways, but I've done web service interfaces and even written custom Realm modules of my own.
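A DBMS-backed Realm of the kind described in the last reply, as an added example that is not part of the original thread. It uses Tomcat's DataSourceRealm; the JNDI name, JDBC URL, database account, table and column names, and the iteration count are all assumptions chosen for illustration.

```xml
<!-- META-INF/context.xml of the webapp (added example; all names are assumptions) -->
<Context>
  <!-- Connection pool the realm reads from. Host, account and password are
       placeholders; the account only needs SELECT on the two tables below. -->
  <Resource name="jdbc/authDB" auth="Container" type="javax.sql.DataSource"
            driverClassName="org.postgresql.Driver"
            url="jdbc:postgresql://db.example.internal:5432/auth"
            username="tomcat_realm_ro" password="CHANGE_ME"
            maxTotal="10" maxIdle="2"/>

  <!--
    Assumed schema (one row per user, one row per granted role):
      users      (user_name PRIMARY KEY, user_pass)
      user_roles (user_name, role_name, PRIMARY KEY (user_name, role_name))
    A user with several roles simply has several user_roles rows.
    request.isUserInRole("admin") is true when a row
    (remote user, 'admin') exists in user_roles.
  -->

  <!-- LockOutRealm wraps the real realm and throttles repeated failed logins. -->
  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm className="org.apache.catalina.realm.DataSourceRealm"
           dataSourceName="jdbc/authDB" localDataSource="true"
           userTable="users" userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name">
      <!-- Store salted, iterated hashes in user_pass instead of clear text.
           The iteration count here is a constructed sample value. -->
      <CredentialHandler
          className="org.apache.catalina.realm.SecretKeyCredentialHandler"
          algorithm="PBKDF2WithHmacSHA512"
          iterations="100000" saltLength="16" keyLength="256"/>
    </Realm>
  </Realm>
</Context>
```

With this in place, adding a user or granting a role is an INSERT into the database rather than an edit to tomcat-users.xml, and the application code that calls isUserInRole does not change.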