|
wdsci-l-bounces@xxxxxxxxxxxx wrote on 06/23/2005 10:51:08 AM: > I'm triyng to limit access to a WebFaced application > based on username and ip address, how can I get the > username in JSP? > > If anybody can help me it would be great. I do not know what WebFacing offers in this area, but ideally you solve this problem at the Apache or WebSphere level. Force the login at that level, and let it protect your application as you desire. This has the added advantage of letting you implement an Single Sign-On solution someday. In this scenario the user tries to access a URL. If necessary, Apache or WAS will challenge the user for their ID and password. It will then permit or deny access according to your rules. Only when they are allowed, do they now hit your WebFacing code. Ideally, WebFacing apps have the ability to pick up the identity of the user from the login they provided to Apache or WAS so that they do not have to login again. Besides the easy security benefits, the user can move from app to app on your server without logging in again. The browser and Apache/WAS will handle all of that negotiation. Also, if you implement SSO, they might not need to login at all. Their client login will provide their credentials to Apache/WAS. Mark _____________________________________________________________________________ Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs. _____________________________________________________________________________
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
