Hi guys, I am trying to restrict users to access the sources of my application so I have used tomcat-users.xml file , but later I will be facing a problem which is how if I have a lot of authorized users , so I will add each one to that file manually , i think it is not efficient way . Furthermore , I am having an application that lets users used its resources based on the user account in database. if the user has an account in database he/she can login to the application and use the resources , so how can I use this idea with tomcat-users.xml just to avoid the increase number of authorized users in tomcat-users.xml
I hope you understand my question . I don't mind to repeat it again if you have any question
please help me guys because I want to prevent unathorized users to access directly using URL in my application
thank you very very very much

I want to prevent unathorized users to access directly using URL in my application

When the user logs in, do you put that user in the session?

String username;
String password;

// check the database to see if the user is valid.
if (yes) {
  request.getSession().setAttribute("USER",username);
}

When the user logs out do you do this:

request.getSession().setAttribute("USER",null);

And my suggestion would be to put this check in all of your pages:

String username = (String)request.getSession().getAttribute("USER");
if (username==null) {
  // unauthorized user
  // redirect to log in page
}
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.