Return-Path: 
 <tomcat-user-return-44342-apmail-jakarta-tomcat-user-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org
Received: (qmail 19962 invoked by uid 500); 14 Aug 2001 14:05:40 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: tomcat-user@jakarta.apache.org
list-help: <mailto:tomcat-user-help@jakarta.apache.org>
list-unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
list-post: <mailto:tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 19937 invoked from network); 14 Aug 2001 14:05:40 -0000
Received: from unknown (HELO snax.thwt.com) (216.215.228.131)
  by h31.sny.collab.net with SMTP; 14 Aug 2001 14:05:40 -0000
Received: by SNAX with Internet Mail Service (5.5.2448.0)
	id <P9QGSMXK>; Tue, 14 Aug 2001 09:26:47 -0400
Message-ID: <A1C69E9A4D29D311AFE000A024CA0B0B1F66CA@SNAX>
From: Randy Layman <randy.layman@aswethink.com>
To: tomcat-user@jakarta.apache.org
Subject: RE: form auth: how to get user name if login was incorrect
Date: Tue, 14 Aug 2001 09:26:44 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;
	charset="iso-8859-1"
X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N



> -----Original Message-----
> From: Taavi Tiirik [mailto:taavi@ibs.ee]
> Sent: Tuesday, August 14, 2001 8:01 AM
> To: tomcat-user@jakarta.apache.org
> Subject: RE: form auth: how to get user name if login was incorrect
> 
> 
> > > How to get a user name (and password) with form authentication,
> > > if authentication was not successful and user was sent to error
> > > page. Is this information lost at this moment or can I get it
> > > somehow?
> 
> > From: Randy Layman>
> > I believe that its in the seesion.getAttribute("j_username").
> > I might be wrong about that (I have modified my local copy of that
> > code.
> 
> If I call session.getAttribute("j_username") on an error page, the
> result is null.
> 
> What modifications did you do?
> 

In src\org\apache\tomcat\request\AccessInterceptor there is a class named
FormSecurityCheckHandler.  The doService method is where Tomcat moves the
values from the request to the session.  Here you could move the username to
the session. Also in that same file is a class FormAuthHandler.  Its
doService method is where Tomcat removes j_username from the session if the
user has an invalid login.  I've modified a lot of this code (I need to have
three things to identify a user, not just two) and am not sure which one was
the least intrusive change to allow me to get the username for an invalid
login.

	Randy