Solved

Populating bean after form based authentication

Posted on 2004-08-06
Last Modified: 2010-04-01
Hi.
I'm using Tomcat 5 with form authentication tied to a MySQL database.
I can get the user logged in and also protect things using roles.
The problem is, there are other things, such as user preferences, address info, etc that I want to put in a Session Bean.
I'm not exactly sure how to make this happen...

Do I need to use some sort of custom authentication to make this happen?
If so, can I still use the container managed security at all?

Are there any examples of doing this?

Thanks!
0
Question by:jdoklovic
8 Comments
 

Expert Comment

by:girionis
ID: 11744061
Yes you can use container managed security still. When you login the container remembers the login name of the user, so if you do a request.getRemoteUser() it will return you the name of the user logged in.

> The problem is, there are other things, such as user preferences, address info, etc that I want to put in a Session Bean.

Where is this data stored? In a database? In a file? What I would do is actually have a User object that represents the user. This user object will hold all the relevant user information such as preferences, address info, login name etc. and anything else you need. Then upon user login, load this data from where you store it, fill up a User object and add it to the session bean. Your session bean should have an instance variable of type User in order to be able to assign it.

0
 

Author Comment

by:jdoklovic
ID: 11751845
Yes, the user info is in a DB.
Creating a UserBean object is exactly what I want to do.
Problem is, the "upon login" part.

It's my understanding, the Container will send the user to login.jsp whenever the user requests a secured app and is not already authenticated.
Then when the user submits the login form, the container authenticates and then sends the user back to the original resource.
So at this point, I guess I'm unsure where/when to populate the UserBean.

Thanks!
0
 

Accepted Solution

by:
girionis earned 500 total points
ID: 11751942
>It's my understanding, the Container will send the user to login.jsp whenever the user requests a
>secured app and is not already authenticated.
>Then when the user submits the login form, the container authenticates and then sends the user
>back to the original resource.

Yes, this is true. When you log in and the container redirects you to a page (let's call it firstPage.jsp), in firstPage.jsp you do a

String loginName = request.getRemoteUser();

and you will have the login name of the user. Then you do a request to the database based on the login name, something like:

SELECT * FROM usersTable WHERE username = ?
-- bind loginName to the ? placeholder with PreparedStatement.setString(1, loginName)

and you will get a ResultSet back. You will have to go through this ResultSet and assign the value of the row you will get back (I am assuming that the username is unique so you will only get a record back) into the user value object you have. Something like:

UserBean ub = new UserBean();
ub.setLoginName(resultSet.getString("loginName"));
ub.setSurname(resultSet.getString("surname"));
...

and so on. After you are done you will have a user represented as a UserBean with all the relevant details.
0

Author Comment

by:jdoklovic
ID: 11752418
That makes sense.
So if I have multiple entry points into the app, I have to put this code on every page I'm guessing.

I'm not sure if you can answer this cause I'm guessing it depends on how I write the bean, but can I do something like this in each jsp page:

UserBean ub = new UserBean(request.getRemoteUser());

Then, if the bean already exists in the session for that user just return it, and if not, then do the DB lookup and return the newly populated bean?
0
 

Expert Comment

by:girionis
ID: 11759914
> So if I have multiple entry points into the app, I have to put this code on every page I'm guessing.

Yes, you have to put it in every jsp page you want to create the user object.

>I'm not sure if you can answer this cause I'm guessing it depends on how I write the bean, but
>can I do something like this in each jsp page:
>
>UserBean ub = new UserBean(request.getRemoteUser());

Yes you can. The only thing you have to do is to move all the database related code in the UserBean class. The UserBean will be receiving the username, will be connecting to the database, will be getting the result set and will be assigning the values of the ResultSet to its instance variables. And this is the preferred way to do it since you are keeping the JSP page cleaner. Although, if you want to modularize further, you could have a separate bean (let's call it DatabaseBean) that does all the db stuff. By doing this you separate the db logic from the user logic. But for the time being it's fine to keep it like this.

>Then, if the bean already exists in the session for that user just return it, and if not, then do
>the DB lookup and return the newly populated bean?

Yes, just check the session for the defined value (a good way is to store the bean by using the username's value), for instance:

// Get the session
session = request.getSession();
// Get the bean that corresponds to the user who  has just logged in
UserBean user = (UserBean) session.getAttribute(request.getRemoteUser());
// If UserBean does not exist
if (user == null)
{
    // create a new one
    user = new UserBean(request.getRemoteUser());
}
else
{
    // do other stuff
}

Hope it helps :)

Thank you for accepting also.
0
 

Expert Comment

by:girionis
ID: 11759919
This code:

// create a new one
user = new UserBean(request.getRemoteUser());

could be (if you want to put it in the session)

// create a new one
user = new UserBean(request.getRemoteUser());
// Put it in the session
session.setAttribute(request.getRemoteUser(), user);
0
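
An added example, not part of the original thread or either poster's code: one way to cover the "multiple entry points" case discussed above is a servlet filter that populates the bean once per session after the container has authenticated the user, using a bound query parameter. The JNDI name, the `userBean` session key and `getLoginName()` are assumptions; it targets the `javax.servlet` API with Java 7+ syntax.

```java
import java.io.IOException;
import java.sql.*;
import javax.naming.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.sql.DataSource;

// Minimal stand-in for the thread's UserBean; getLoginName() is assumed.
class UserBean implements java.io.Serializable {
    private String loginName, surname;
    public String getLoginName() { return loginName; }
    public void setLoginName(String v) { loginName = v; }
    public void setSurname(String v) { surname = v; }
}

// Map to the protected URL patterns in web.xml so every entry point is covered.
public class UserBeanFilter implements Filter {
    private static final String ATTR = "userBean"; // fixed session key (assumed name)
    private DataSource ds;

    public void init(FilterConfig cfg) throws ServletException {
        try { ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/appDB"); } // assumed JNDI name
        catch (NamingException e) { throw new ServletException(e); }
    }
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        String login = req.getRemoteUser(); // set by the container after login
        if (login != null) {
            HttpSession session = req.getSession();
            UserBean ub = (UserBean) session.getAttribute(ATTR);
            // Load once per session; reload if the cached bean is for another login
            if (ub == null || !login.equals(ub.getLoginName()))
                session.setAttribute(ATTR, load(login));
        }
        chain.doFilter(rq, rs);
    }
    private UserBean load(String login) throws ServletException {
        String sql = "SELECT surname FROM usersTable WHERE username = ?";
        try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, login); // bound parameter, never concatenated into the SQL
            try (ResultSet r = ps.executeQuery()) {
                if (!r.next()) throw new ServletException("no profile row for " + login);
                UserBean ub = new UserBean();
                ub.setLoginName(login);
                ub.setSurname(r.getString("surname"));
                return ub;
            }
        } catch (SQLException e) { throw new ServletException(e); }
    }
    public void destroy() { }
}
```

Because the key is a fixed string rather than the user name, pages read the bean with `session.getAttribute("userBean")` and the cached copy is discarded if `getRemoteUser()` ever differs from the bean's login.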
 

Author Comment

by:jdoklovic
ID: 11763171
Thanks for all of your help.
0
 

Expert Comment

by:girionis
ID: 11765022
No problem :)
0

Question has a verified solution.
