Solved

Populating bean after form based authentication

Posted on 2004-08-06
Last Modified: 2010-04-01
Hi.
I'm using Tomcat 5 with form authentication tied to a MySQL database.
I can get the user logged in and also protect things using roles.
The problem is, there are other things, such as user preferences, address info, etc that I want to put in a Session Bean.
I'm not exactly sure how to make this happen...

Do I need to use some sort of custom authentication to make this happen?
If so, can I still use the container managed security at all?

Are there any examples of doing this?

Thanks!
Question by:jdoklovic
8 Comments
 
LVL 35

Expert Comment

by:girionis
ID: 11744061
Yes you can use container managed security still. When you login the container remembers the login name of the user, so if you do a request.getRemoteUser() it will return you the name of the user logged in.

> The problem is, there are other things, such as user preferences, address info, etc that I want to put in a Session Bean.

Where is this data stored? In a database? In a file? What I would do will be to actually have a User object that represents the user. This user object will hold all the relevant user information such as preferences, address info, login name etc. and anything else you need. Then upon user login, load this data from where you store them, fill up a User object and add it to the session bean. Your session bean should have an instance variable of type User in order to be able to assign it.

0
 
LVL 1

Author Comment

by:jdoklovic
ID: 11751845
Yes, the user info is in a DB.
Creating a UserBean object is exactly what I want to do.
Problem is, the "upon login" part.

It's my understanding, the Container will send the user to login.jsp whenever the user requests a secured app and is not already authenticated.
Then when the user submits the login form, the container authenticates and then sends the user back to the original resource.
So at this point, I guess I'm unsure where/when to populate the UserBean.

Thanks!
0
 
LVL 35

Accepted Solution

by:
girionis earned 500 total points
ID: 11751942
>It's my understanding, the Container will send the user to login.jsp whenever the user requests a
>secured app and is not already authenticated.
>Then when the user submits the login form, the container authenticates and then sends the user
>back to the original resource.

Yes, this is true. When you login and the container redirects you to a page (let's call it firstPage.jsp), in the firstPage.jsp you do a

String loginName = request.getRemoteUser();

and you will have the login name of the user. Then you do a request to the database based on the login name, something like:

SELECT * FROM usersTable WHERE username = 'loginName'

and you will get a ResultSet back. You will have to go through this ResultSet and assign the value of the row you will get back (I am assuming that the username is unique so you will only get a record back) into the user value object you have. Something like:

UserBean ub = new UserBean();
ub.setLoginName(resultSet.getString("loginName"));
ub.setSurname(resultSet.getString("surname"));
...

and so on. After you are done you will have a user represented as a UserBean with all the relevant details.
0
 
LVL 1

Author Comment

by:jdoklovic
ID: 11752418
That makes sense.
So if I have multiple entry points into the app, I have to put this code on every page I'm guessing.

I'm not sure if you can answer this cause I'm guessing it depends on how I write the bean, but can I do something like this in each jsp page:

UserBean ub = new UserBean(request.getRemoteUser());

Then, if the bean already exists in the session for that user just return it, and if not, then do the DB lookup and return the newly populated bean?
0
 
LVL 35

Expert Comment

by:girionis
ID: 11759914
> So if I have multiple entry points into the app, I have to put this code on every page I'm guessing.

Yes, you have to put it in every jsp page you want to create the user object.

>I'm not sure if you can answer this cause I'm guessing it depends on how I write the bean, but
>can I do something like this in each jsp page:
>
>UserBean ub = new UserBean(request.getRemoteUser());

Yes you can. The only thing you have to do is to move all the database related code in the UserBean class. The UserBean will be receiving the username, will be connecting to the database, will be getting the result set and will be assigning the values of the ResultSet to its instance variables. And this is the preferred way to do it since you are keeping the JSP page cleaner. Although, if you want to modularize further, you could have a separate bean (let's call it DatabaseBean) that does all the db stuff. By doing this you separate the db logic from the user logic. But for the time being it's fine to keep it like this.

>Then, if the bean already exists in the session for that user just return it, and if not, then do
>the DB lookup and return the newly populated bean?

Yes, just check the session for the defined value (a good way is to store the bean by using the username's value), for instance:

// Get the session
session = request.getSession();
// Get the bean that corresponds to the user who  has just logged in
UserBean user = (UserBean) session.getAttribute(request.getRemoteUser());
// If UserBean does not exist
if (user == null)
{
    // create a new one
    user = new UserBean(request.getRemoteUser());
}
else
{
    // do other stuff
}

Hope it helps :)

Thank you for accepting also.
0
 
LVL 35

Expert Comment

by:girionis
ID: 11759919
This code:

// create a new one
user = new UserBean(request.getRemoteUser());

could be (if you want to put it in the session)

// create a new one
user = new UserBean(request.getRemoteUser());
// Put it in the session
session.setAttribute(request.getRemoteUser(), user);
0
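Added example (not part of any post in this thread): a servlet Filter that does the lookup described in the answers once for every entry point instead of in each JSP, binds the login name through a PreparedStatement rather than placing it in the SQL string, and caches the bean in the session under a fixed key. The JNDI name `jdbc/appDB`, the column names, the `userBean` attribute key and the nested `UserBean` stand-in are assumptions; the code targets the `javax.servlet` API and needs Java 7 or later for try-with-resources.

```java
import java.io.*;
import java.sql.*;
import javax.naming.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.sql.DataSource;

// Added example; map the filter to the protected URL patterns in web.xml.
public class UserBeanFilter implements Filter {
    static final String SESSION_KEY = "userBean"; // fixed attribute name (assumed)
    private DataSource ds;
    public static class UserBean implements Serializable { // minimal stand-in for the thread's bean
        private String loginName, surname;
        public void setLoginName(String v) { loginName = v; }
        public void setSurname(String v) { surname = v; }
        public String getLoginName() { return loginName; }
    }
    public void init(FilterConfig cfg) throws ServletException {
        try { ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/appDB"); } // hypothetical JNDI name
        catch (NamingException e) { throw new ServletException(e); }
    }
    public void destroy() { }
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        String login = req.getRemoteUser(); // null until the container has authenticated the caller
        if (login != null) {
            HttpSession session = req.getSession();
            UserBean ub = (UserBean) session.getAttribute(SESSION_KEY);
            if (ub == null || !login.equals(ub.getLoginName())) { // missing, or cached for another principal
                try { session.setAttribute(SESSION_KEY, load(login)); }
                catch (SQLException e) { throw new ServletException(e); }
            }
        }
        chain.doFilter(rq, rs);
    }
    private UserBean load(String login) throws SQLException {
        String sql = "SELECT username, surname FROM usersTable WHERE username = ?"; // column names assumed
        try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, login); // bound as a parameter, not concatenated into the SQL
            try (ResultSet r = ps.executeQuery()) {
                if (!r.next()) throw new SQLException("no profile row for authenticated user");
                UserBean ub = new UserBean();
                ub.setLoginName(r.getString("username"));
                ub.setSurname(r.getString("surname"));
                return ub;
            }
        }
    }
}
```

Because the bean is keyed by a constant and re-checked against `getRemoteUser()` on every request, a session that is reused after a different user logs in does not keep serving the previous user's profile.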
 
LVL 1

Author Comment

by:jdoklovic
ID: 11763171
Thanks for all of your help.
0
 
LVL 35

Expert Comment

by:girionis
ID: 11765022
No problem :)
0