Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Populating bean after form based authentication

Posted on 2004-08-06
8
Medium Priority
?
224 Views
Last Modified: 2010-04-01
Hi.
I'm using Tomcat 5 with form authentication tied to a mySQL database.
I can get the user logged in and also protect things using roles.
The problem is, there are other things, such as user preferences, address info, etc that I want to put in a Session Bean.
I'm not exactly sure how to make this happen...

Do i need to use some sort of custom authentication to make this happen?
If so, can I still use the container managed security at all?

Are there any examples of doing this?

Thanks!
0
Comment
Question by:jdoklovic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 35

Expert Comment

by:girionis
ID: 11744061
Yes you can use container managed security still. When you login the container remembers the login name of the user, so if you do a request.getRemoteUser() it will return you the name of the user logged in.

> The problem is, there are other things, such as user preferences, address info, etc that I want to put in a Session Bean.

Where is this data stored? In a database? In a file? What I would do will be to actually have a User object that represents the user. This user object will hold all the relevant user information such as preferences, address info, login name etc and anything else you need. Then upon user login, load this data from where you store them, fill up a User object and add it to the session bean. Your session bean should have an instance variable of type User in order to be able to assing it.

0
 
LVL 1

Author Comment

by:jdoklovic
ID: 11751845
Yes, the user info is in a DB.
Creating a UserBean object is exactly what I want to do.
Problem is, the "upon login" part.

It's my understanding, the Container will send the user to login.jsp whenever the user requests a secured app and is not already authenticated.
Then when the user submits the login form, the container authenticates and then sends the user back to the original resource.
So at this point, I guess I'm unsure where/when to populate the UserBean.

Thanks!
0
 
LVL 35

Accepted Solution

by:
girionis earned 1500 total points
ID: 11751942
>It's my understanding, the Container will send the user to login.jsp whenever the user requests a
>secured app and is not already authenticated.
>Then when the user submits the login form, the container authenticates and then sends the user
>back to the original resource.

Yes this is true. When you login and the container redirects you to a page (lets call it firstPage.jsp) in the firstPage.jsp you do a

String loginName = request.getRemoteUser();

and you will have the login name of the user. Then you do a request to the database based on the login name, something like:

SELECT * FROM usersTable WHERE username = 'loginName'

and you will get a ResultSet back. You will have to go through this ResultSet and assign the value of the row you will get back (I am assuming that the username is unique so you will only get a record back) into the user value object you have. Something like:

UserBean ub = new UserBean();
ub.setLoginName(resultSet.getString("loginName"));
ub.setSurname(resultSet.getString("surname"));
...

and so on. After you are done you will have a user represented as a UserBean with all the relevant details.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 1

Author Comment

by:jdoklovic
ID: 11752418
That makes sense.
So if I have multiple entry points into the app, I have to put this code on every page I'm guessing.

I'm not sure if you can answer this cause I'm guessing it depends on how I write the bean, but can I do something like this in each jsp page:

UserBean ub = new UserBean(request.getRemoteUser());

Then, if the bean already exists in the session for that user just return it, and if not, then do the DB lookup and return the newly populated bean?
0
 
LVL 35

Expert Comment

by:girionis
ID: 11759914
> So if I have multiple entry points into the app, I have to put this code on every page I'm guessing.

Yes, you have to put it in every jsp page you want to create the user object.

>I'm not sure if you can answer this cause I'm guessing it depends on how I write the bean, but
>can I do something like this in each jsp page:
>
>UserBean ub = new UserBean(request.getRemoteUser());

Yes you can. The only thing you have to do is to move all the database related code in the UserBean class. The UserBean will be receiving the username, will be connecting to the database, will be getting the result set and will be assigning the values of the ResultSet to its instance variables. And this is the prefered way to do it since you are keeping the JSP page cleaner. Although, if you want to modularize further, you could have a separate bean (lets call it DatabaseBean) that does all the db stuff. By doing this you separate the db logic from the user logic. But for the time beiing it's fine to keep it like this.

>Then, if the bean already exists in the session for that user just return it, and if not, then do >the DB lookup and return the newly populated bean?

Yes, just check the session for the defined value (a good way is to store the bean by using the username's value), for instance:

// Get the session
session = request.getSession();
// Get the bean that corresponds to the user who  has just logged in
UserBean user = (UserBean) session.getAttribute(request.getRemoteUser());
// If UserBean does not exist
if (user == null)
{
    // create a new one
    user = new UserBean(request.getRemoteUser());
}
else
{
    // do other stuff
}

Hope it helps :)

Thank you for accepting also.
0
 
LVL 35

Expert Comment

by:girionis
ID: 11759919
This code:

// create a new one
user = new UserBean(request.getRemoteUser());

coud be (if you want to put it in the session)

// create a new one
user = new UserBean(request.getRemoteUser());
// Put it in the session
session.setAttribute(request.getRemoteUser(), user);
0
 
LVL 1

Author Comment

by:jdoklovic
ID: 11763171
Thanks for all of your help.
0
 
LVL 35

Expert Comment

by:girionis
ID: 11765022
No problem :)
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question