• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 471
  • Last Modified:

How does JDBCRealm get the "username" parameter from user input?

Hi I have this question that puzzle me ...

You can go to http://www.koders.com/java/fid123DEE396363A73FCDDEF9AFBC4174048F3EEBA4.aspx to see a typical code for JDBCRealm.java

I am using Tomcat log in form with user name password and when click submit, apparently the action J_security_check is called.  Then JDBCRealm took over the authentication.


I know how JDBCRealm go in and check the user name and password from the database.


Now, my question is how does JDBCRealm "read in" the input user name  variable that coming from the user in order to compare withe the user name in the database for authentication?

Since I look at the code , they just call a method like authentication (String username, String password) kind of thing.  Is there some back ground process that J_security_check does to pass on these parameter to JDBCRealm?

0
fylix0000
Asked:
fylix0000
1 Solution
 
DeanHorakCommented:
>>how does JDBCRealm "read in" the input user name  variable that coming from the user in order to compare withe the user name in the database for authentication?

The login form must contain fields for entering username and password. These fields must be named j_username and j_password, respectively. This form should post these values to j_security_check logical name.

>>Is there some back ground process that J_security_check does to pass on these parameter to JDBCRealm?

The whole process is described in the following link http://www.onjava.com/pub/a/onjava/2002/06/12/form.html
0
 
fylix0000Author Commented:
Thanks Dean,

the site is a good information but some how I still not sure the machanism of how the username/password parameter is passed onto the JDBCRealm.java for authentication.  What I am interested in is how JDBCRealm maps j_username into the "username" variable that is used by the program to authenticate against the database's username.


The reason I want to know this because instead of using user input, I am attempting to get JDBCRealm to read the window domain user name.

I have setup the NT side so that I can get the NT user name if I do : request.getRemoteUser()  ,  but I cant seem to get JDBCRealm to read in that user name.
0
 
Mayank SAssociate Director - Product EngineeringCommented:
It might not be a good idea to get the Windows domain user-name because the user might be using a local ID (and not a network ID) to log on to the application and if he is using a proxy to connect to the server, it will be another problem.
0
 
actonwangCommented:
JDBCRealm might be unique to Tomcat. j_username/password are specified in the specification and Tomcat provides its own implementation.  If you look at tomcat architecture, it uses internal request object to wrap around normal request object (call it TomcatRequest). TomcatRequest will check on to see if j_username/password has been received and acton upon it accordingly.

You don't need to take it too seriously because it will be very different for each vendor, such as Websphere, Weblogic. The parameters names are same but the setup or implementation of how you can use them are different in each web app of different kind.

That might be the only thing you and I need to know.

Acton
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now