tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: SessionListener
Date Mon, 01 Dec 2003 20:17:52 GMT


>Ok, still, I haven't found any documentation on how to add a
>SessionListener in the server.xml file, and adding one using the
>tags defined for web.xml files doesn't seem to work.

The XML is the similar but not quite the same to the portable one:
<listener className="mypackage.myclass" ... />  There is a generic
example in the Engine configuration reference, and another more specific
example in the Host configuration reference.  Neither, however, is a
SessionListener example.

There IS one specific, full-features SessionListener example: the
SingleSignOn valve.  It's present (but commented out) in server.xml by
default, and you can take a look at the source code.  It's a more
complicated and confusing example because it's also a Valve ;(  But then
again, I wouldn't even bother with this whole approach when you have the
HttpSessionListener as part of the servlet specification.

where ... are attributes specific to your listener.  (The astute reader
would recognize the above as a commons Digester bean-based
initialization pattern).

>I also haven't seen how to get a user's credentials from a HttpSession,
>how to get a Session from an HttpSessionListener.  Could you throw me a

If the user is authenticated by the server, typically the information is
not in the session, it's in the request:
HttpServletRequest#getUserPrincipal.  A common use-case is to stuff this
in the session via a filter.

If you had an attribute called username that something was stuffing into
the session, i.e. something like a filter calling
session.setAttribute("username", "something"), then an
HttpSessionAttributeListener's attributeAdded would be called with the
attribute name and latest value.


This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message