• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

tomcat-users.xml login

 
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Currently I am using tomcat-users.xml and also enabled SSL for login on my local test computer. I can login and logout without problem using a form.

Is there a way to get the tomcat user name which I used to login and display it on the page (ex. something like "Welcome, user")? Also, how can I show a "Logout" link only when a user is logged in using this method?

In a week or two I hope to make a login system using a database instead of the tomcat-users.xml file.

Thanks in advanced.
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Is there a way to get the tomcat user name which I used to login and display it on the page (ex. something like "Welcome, user")?



The HttpServletRequest.getRemoteUser method gives you that information.

Also, how can I show a "Logout" link only when a user is logged in using this method?



Once you have established that valid credentials have been passed (e.g., by checking that the above-mentioned method returns a valid user name), you can set a boolean request attribute, which the JSP page can check and act on accordingly.
 
Wilson Gordon
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the info, Ulf. I will give that a try.
 
Wilson Gordon
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I added these codes to my header include but for some reason the "Logout" link shows up all the time. Any idea?

I tried the codes below too but doesn't work also:


[ April 08, 2007: Message edited by: Wilson Gordon ]
 
Sheriff
Posts: 67748
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What's being returned from the remote user method?

Just my opinion, but if you're going to be replacing the builtin login with your own database-driven system, I'd not waste too much more time on this. You could have your own system up and running in no time flat.
 
Wilson Gordon
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
${pageContext.request.remoteUser} does return the correct user name I used to log in.

BTW, is there a good tutorial out there about building my own login system?
[ April 08, 2007: Message edited by: Wilson Gordon ]
 
Bear Bibeault
Sheriff
Posts: 67748
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm talking about when you expect it to be empty...

Building your own is fairly simple. Store the username and password (as a one-way hash) in the DB. When the user logs in, hash the entered password and compare it to the stored value. If authentication succeeds, place information in the session stating so. This could be as simple as the user's name, or a more complicated structure with such information as the user's roles and allowed permissions within the application.

A servlet filter can be set up to check for this session "token". Should it not exist, a redirect to the login page prevents the access to the interior of the web app when not logged in.

A logout or session timeout removes the session token.

Ben Souther set up a simple example: http://simple.souther.us/not-so-simple.html (near bottom of page).
[ April 08, 2007: Message edited by: Bear Bibeault ]
 
Wilson Gordon
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When I am not logged in,



returns this:



---
Thanks for the info about the login system.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can check for that by something like

<c:if test="${empty pageContext.request.remoteUser}">
...
</c:if>
 
reply
    Bookmark Topic Watch Topic
  • New Topic