tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Layman <>
Subject RE: form auth: how to get user name if login was incorrect
Date Tue, 14 Aug 2001 13:26:44 GMT

> -----Original Message-----
> From: Taavi Tiirik []
> Sent: Tuesday, August 14, 2001 8:01 AM
> To:
> Subject: RE: form auth: how to get user name if login was incorrect
> > > How to get a user name (and password) with form authentication,
> > > if authentication was not successful and user was sent to error
> > > page. Is this information lost at this moment or can I get it
> > > somehow?
> > From: Randy Layman>
> > I believe that its in the seesion.getAttribute("j_username").
> > I might be wrong about that (I have modified my local copy of that
> > code.
> If I call session.getAttribute("j_username") on an error page, the
> result is null.
> What modifications did you do?

In src\org\apache\tomcat\request\AccessInterceptor there is a class named
FormSecurityCheckHandler.  The doService method is where Tomcat moves the
values from the request to the session.  Here you could move the username to
the session. Also in that same file is a class FormAuthHandler.  Its
doService method is where Tomcat removes j_username from the session if the
user has an invalid login.  I've modified a lot of this code (I need to have
three things to identify a user, not just two) and am not sure which one was
the least intrusive change to allow me to get the username for an invalid


View raw message