Comments on: Setup your own Tomcat security realm http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/ Writing about my experiences with technology and all different kinds of projects and experiments Thu, 26 Aug 2010 12:13:54 +0200 hourly 1 By: Christian Schenk http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/comment-page-1/#comment-17359 Christian Schenk Wed, 28 Jul 2010 12:52:47 +0000 http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/#comment-17359 Hi Kris, the documentation says: <blockquote>Administering the information in the users and user roles table is the responsibility of your own applications. Tomcat does not provide any built-in capabilities to maintain users and roles.</blockquote> I guess you've got an implementation that handles the registration process. During this process you should insert the new user into the corresponding database table that's being used by the realm. Then have a look at the realm's implementation and I'm pretty sure that it just places something in the session to authenticate the user - just do this after you registration process and the user should be logged in automatically. Hi Kris,
the documentation says:

Administering the information in the users and user roles table is the responsibility of your own applications. Tomcat does not provide any built-in capabilities to maintain users and roles.

I guess you’ve got an implementation that handles the registration process. During this process you should insert the new user into the corresponding database table that’s being used by the realm. Then have a look at the realm’s implementation and I’m pretty sure that it just places something in the session to authenticate the user – just do this after you registration process and the user should be logged in automatically.

]]> By: Kris Reid http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/comment-page-1/#comment-17356 Kris Reid Wed, 28 Jul 2010 12:42:22 +0000 http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/#comment-17356 Hi I'm using a database realm and the login/security works great but I have one issue. After the user registers, I want the user to be automatically logged into the application. Any idea how can you automatically populate the Realm? If you want to see what I mean you can register free here for my <a href="http://www.autobacklinkservice.com/login.html" rel="nofollow">Backlink Service</a> Hi

I’m using a database realm and the login/security works great but I have one issue.

After the user registers, I want the user to be automatically logged into the application. Any idea how can you automatically populate the Realm?

If you want to see what I mean you can register free here for my Backlink Service

]]> By: Yasitha http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/comment-page-1/#comment-7774 Yasitha Sat, 09 May 2009 11:45:52 +0000 http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/#comment-7774 Wow really useful article, thanks buddy.. Wow really useful article, thanks buddy..

]]> By: Christian Schenk http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/comment-page-1/#comment-4491 Christian Schenk Fri, 02 Jan 2009 17:50:15 +0000 http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/#comment-4491 Hi jeremy, as far as I know you'll have to do HTTP-Authentication yourself, i.e. you'll have to send the appropriate HTTP headers (e.g. <em>WWW-Authenticate</em>) yourself in a servlet and then investigate the response headers. This way you can store the username in the session. But since this isn't very easy most people use Form-Based Authentication instead; <a href="http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security5.html" rel="nofollow">this page</a> is a good starting point. <a href="http://www.artima.com/weblogs/viewpost.jsp?thread=155252" rel="nofollow">Here</a> are some pros and cons about HTTP-Authentication. Hi jeremy,
as far as I know you’ll have to do HTTP-Authentication yourself, i.e. you’ll have to send the appropriate HTTP headers (e.g. WWW-Authenticate) yourself in a servlet and then investigate the response headers. This way you can store the username in the session.
But since this isn’t very easy most people use Form-Based Authentication instead; this page is a good starting point. Here are some pros and cons about HTTP-Authentication.

]]> By: jeremy http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/comment-page-1/#comment-4487 jeremy Fri, 02 Jan 2009 13:51:12 +0000 http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/#comment-4487 Once authenticated in the application, how do you access information about the user that is logged on? Is the Principal object stored as a session attribute or how else can you access it? Simple example, how would you get hold of the username on a JSP to do a DB query that uses that username as a parameter? Once authenticated in the application, how do you access information about the user that is logged on? Is the Principal object stored as a session attribute or how else can you access it? Simple example, how would you get hold of the username on a JSP to do a DB query that uses that username as a parameter?

]]> By: andrei http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/comment-page-1/#comment-3959 andrei Sat, 06 Dec 2008 15:22:12 +0000 http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/#comment-3959 very good mate! keep up the good momentum... :) very good mate!

keep up the good momentum… :)

]]> By: Lawrence http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/comment-page-1/#comment-2700 Lawrence Tue, 07 Oct 2008 13:37:05 +0000 http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/#comment-2700 Christian, I was looking for alternatives to Lambda Probe, and as yet have not found one, but I saw that in Jan you reccommended this to someone. For some reason the site is completely down and off air, but I was wondering and hoping that you might know a little about the datasource configuration. Is it possible to direct the data source config to the MySQL deamon instead of the Tomcat Instance ? If you cannot answer this, I will keep searching. Just that they seem to have dropped off the face of the earth without cause. Thanks in advance Lawrence PS: I have the latest probe.war file if that person still needs it. Christian,

I was looking for alternatives to Lambda Probe, and as yet have not found one, but I saw that in Jan you reccommended this to someone. For some reason the site is completely down and off air, but I was wondering and hoping that you might know a little about the datasource configuration. Is it possible to direct the data source config to the MySQL deamon instead of the Tomcat Instance ?

If you cannot answer this, I will keep searching. Just that they seem to have dropped off the face of the earth without cause.

Thanks in advance
Lawrence

PS: I have the latest probe.war file if that person still needs it.

]]>