tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike W-M" <>
Subject Re: How to intercept user authentication
Date Tue, 17 Dec 2002 01:48:31 GMT
A general approach (at least I use it, but not with Struts or Velocity) is
to make sure a session is created for each user who logs on.  (One will
probably have already been created by Tomcat in handling the
basic-authentication - it certainly is using form-based authentication.)

1) Check to see if there's an attribute in the session, called (e.g.)
2) If there is, don't do anything (because this isn't the first time the
user has made an authenticated request).
3) If there isn't, create an attribute with this name and record in the
database the fact that this user has logged on.
[Note that it's not generally good practice to go storing things in sessions
that are still new ( .isNew()) because the browser hasn't necessarily agreed
to "take part" in the session at that stage.  But since I think one will
have been created by Tomcat I've not bothered considering this...]

Like I say, I use this but not with Struts.  I have my own controlling
servlet that all requests are passed through so I can perform these checks
there before the request is processed.   My (very basic) understanding of
Struts is that it has its own controller servlet, but then you probably
don't want to change that.  I'll leave it to you to see if there's somewhere
else (within the framework) you could use this approach, or to someone else
to give you a Struts-specific method.


----- Original Message -----
From: "Iran Marcius" <>
To: <>
Sent: Monday, December 16, 2002 5:48 PM
Subject: How to intercept user authentication

I'm trying to do something that propably somebody did before (or, at
least needed to).

Currently I'm using tomcat 4.1.16 with Struts 1.0.1 and Velocity Tools
for my applications. I configured a BASIC authentication realm, with
digested passwords.

How can I intercept the process after authentication is made so I can
register login date/time in my database.

Somebody could point me the direction?

Thanx in advance.


To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message