fylix0000
asked on
How does JDBCRealm get the "username" parameter from user input?
Hi I have this question that puzzle me ...
You can go to http://www.koders.com/java/fid123DEE396363A73FCDDEF9AFBC4174048F3EEBA4.aspx to see a typical code for JDBCRealm.java
I am using Tomcat log in form with user name password and when click submit, apparently the action J_security_check is called. Then JDBCRealm took over the authentication.
I know how JDBCRealm go in and check the user name and password from the database.
Now, my question is how does JDBCRealm "read in" the input user name variable that coming from the user in order to compare withe the user name in the database for authentication?
Since I look at the code , they just call a method like authentication (String username, String password) kind of thing. Is there some back ground process that J_security_check does to pass on these parameter to JDBCRealm?
You can go to http://www.koders.com/java/fid123DEE396363A73FCDDEF9AFBC4174048F3EEBA4.aspx to see a typical code for JDBCRealm.java
I am using Tomcat log in form with user name password and when click submit, apparently the action J_security_check is called. Then JDBCRealm took over the authentication.
I know how JDBCRealm go in and check the user name and password from the database.
Now, my question is how does JDBCRealm "read in" the input user name variable that coming from the user in order to compare withe the user name in the database for authentication?
Since I look at the code , they just call a method like authentication (String username, String password) kind of thing. Is there some back ground process that J_security_check does to pass on these parameter to JDBCRealm?
ASKER
Thanks Dean,
the site is a good information but some how I still not sure the machanism of how the username/password parameter is passed onto the JDBCRealm.java for authentication. What I am interested in is how JDBCRealm maps j_username into the "username" variable that is used by the program to authenticate against the database's username.
The reason I want to know this because instead of using user input, I am attempting to get JDBCRealm to read the window domain user name.
I have setup the NT side so that I can get the NT user name if I do : request.getRemoteUser() , but I cant seem to get JDBCRealm to read in that user name.
the site is a good information but some how I still not sure the machanism of how the username/password parameter is passed onto the JDBCRealm.java for authentication. What I am interested in is how JDBCRealm maps j_username into the "username" variable that is used by the program to authenticate against the database's username.
The reason I want to know this because instead of using user input, I am attempting to get JDBCRealm to read the window domain user name.
I have setup the NT side so that I can get the NT user name if I do : request.getRemoteUser() , but I cant seem to get JDBCRealm to read in that user name.
It might not be a good idea to get the Windows domain user-name because the user might be using a local ID (and not a network ID) to log on to the application and if he is using a proxy to connect to the server, it will be another problem.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The login form must contain fields for entering username and password. These fields must be named j_username and j_password, respectively. This form should post these values to j_security_check logical name.
>>Is there some back ground process that J_security_check does to pass on these parameter to JDBCRealm?
The whole process is described in the following link http://www.onjava.com/pub/a/onjava/2002/06/12/form.html