Hi guys, I am trying to restrict users to access the sources of my application so I have used tomcat-users.xml file , but later I will be facing a problem which is how if I have a lot of authorized users , so I will add each one to that file manually , i think it is not efficient way . Furthermore , I am having an application that lets users used its resources based on the user account in database. if the user has an account in database he/she can login to the application and use the resources , so how can I use this idea with tomcat-users.xml just to avoid the increase number of authorized users in tomcat-users.xml
I hope you understand my question . I don't mind to repeat it again if you have any question
please help me guys because I want to prevent unathorized users to access directly using URL in my application
thank you very very very much
alsoumhi 0 Junior Poster in Training
javaAddict 900 Nearly a Senior Poster Team Colleague Featured Poster
I want to prevent unathorized users to access directly using URL in my application
When the user logs in, do you put that user in the session?
String username;
String password;
// check the database to see if the user is valid.
if (yes) {
request.getSession().setAttribute("USER",username);
}When the user logs out do you do this:
request.getSession().setAttribute("USER",null);And my suggestion would be to put this check in all of your pages:
String username = (String)request.getSession().getAttribute("USER");
if (username==null) {
// unauthorized user
// redirect to log in page
} Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.