Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

noob j_security_check question.

Posted on 2007-04-04
7
Medium Priority
?
444 Views
Last Modified: 2008-03-03
1. to login, i use j_security_check... but what a bout logout?
2. If i wanted to keep track on which user login at what time, how do i insert the code in j_security_check so that it will do so?

0
Comment
Question by:InNoCenT_Ch1ld
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 18855335
Oddly, logout doesn't really have a definition.

What we do is clear all the session attributes, clear the cookies, and destroy the session.  It has the desired effect.

You can't insert code into j_security_check -- it's entirely internal to Tomcat and has no public interface.

What you have to do is add code to your login handling to set data in a database, or sessions, or wherever you keep data, to keep track of your users.  We log it to a database, for example.

0
 
LVL 3

Author Comment

by:InNoCenT_Ch1ld
ID: 18855371
but if i define the action to be the j_security_check already, where am i suppose to add my code to?
0
 
LVL 27

Accepted Solution

by:
mrcoffee365 earned 2000 total points
ID: 18855510
You post to j_security_check, you never see the actual j_security_check code itself.

In your web.xml, you define the name of the page for login, and for an error in login.  The login page is just the presentation of the username/password form to the user, which is in a special location in your webapp (jsp/security/protected).   You can create cookies there, if that helps your app.

This page has a simple walk-through of how to set up form-based authentication in Tomcat:
http://www.onjava.com/lpt/a/1024

This is a more complex discussion of it:
http://www.devx.com/assets/download/6264.pdf

This one is a little easier to follow and has a nice diagram of the typical web app page setup with Tomcat login, a login page, and the login-protected web-app pages:
http://www.javapassion.com/j2ee/WebApplicationSecurity.pdf
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 3

Author Comment

by:InNoCenT_Ch1ld
ID: 18855526
tks
0
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 18855540
You're welcome.

This is an area everyone has to work through, and there are a few different ways to use the login feature from Tomcat.  Post another question back on EE if you get stuck again.

Good luck!
0
 
LVL 3

Author Comment

by:InNoCenT_Ch1ld
ID: 18855559
i'm using jdbcrealm with digest.. but i cant get it to work. if you know how, let me know, i will open a question.
0
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 18857862
I haven't used it, but I've used login with Tomcat a lot, and I'm sure there are other people at EE with specific jdbc realm and digested password experience.  So sure, post the question.

When you do, it would help a lot if you posted the jdbc realm definition in your server.xml, the security parts of your web.xml, the login code you're trying to make work, and the error message you're getting.  Obfuscate any parts of the code you need to -- although I don't think that any of this should be an issue, unless IP addresses are involved somewhere.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Viewers will learn about if statements in Java and their use The if statement: The condition required to create an if statement: Variations of if statements: An example using if statements:
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question