See, if you have accessed a protected page say xxx.jsp, then j_security_check came in to action and ask the user his userid and password by displaying login page. If user is successfully authenticated, xxx.jsp will be served otherwise the default login-error page which is mentioned in web.xml will be displayed.
Once the user is successfully authenticated and authorized, the j_security_check servlet will store the user data in side the request object.
The user name will be obtained by request.getRemoteUser() method.
request.isUserInRole("ADMIN"); method can be used whether the user is in a particular role or not.
Other methods useful are : request.getUserPrincipal(); request.getAuthType();
Ads By Google
© 2018 - JavaSpartans.com • All Rights Reserved