struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [OT] tomcat 5.5 authentication question
Date Tue, 14 Aug 2007 16:05:55 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eugen,

Eugen Stoianovici wrote:
> Since I can't intercept the login form (which goes to j_security_check)
> where should i put the code for setting those session values?

Ah, but you can intercept it!

You just need to think outside the container. Or, inside, rather. Use a
filter with logic like this:

public void doFilter(...)
{
    Principal p = request.getPrincipal();
    HttpSession session = request.getSession();
    Object mySessionObj = session.getAttribute("my_session_key");

    if(null != p && null == mySessionObj)
    {
        // There is a Principal (valid login) who has not been set up.

        // TODO: retrieve whatever objects you need to stick in
        // the session.
        mySessionObj = ...;

        session.setAttribute("my_session_key", mySessionObj);
    }
}

I myself use a filter like this, and it works just fine.

I hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGwdLj9CaO5/Lv0PARAtUKAJ49aG9OFCmlLfiwElOIqilRWgxLWACgmAph
QrsIbkd6e1CykySOfx+sfPQ=
=WzPF
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message