tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: ServletFilter on j_security_check
Date Sun, 01 Feb 2004 18:57:53 GMT
Frank,
if you develop a JAAS login module, you can get it to do pretty much 
anything you want, apart from having instant access to that user's 
session. You could write the login attempts to a database for instance.

Adam

On 01/31/2004 11:51 PM Tim Funk wrote:
> Yeah. Use a Valve. A Valve is just like a filter but is tomcat dependent 
> and is issued before any filters are invoked.
> 
> Any such functionality your looking for is NOT Servlet spec specific so 
> whatever solution you use - you'll be locked into that container.
> 
> -Tim
> 
> Frank Febbraro wrote:
> 
>> Well that sucks :-(
>>
>> Any change that in the future Tomcat can have somethign silimar to the
>> auth-filter in WebLogic...basically just a way to hookup (via 
>> interface) a
>> class that can be notified of these events?
>>
>> Guess I need to break out my papers and roll my own....again.
>>
>> For those with problems such as these, check out
>> http://opensource.atlassian.com/seraph/introduction.html
>>
>> ----- Original Message ----- From: "Tim Funk" <funkman@joedog.org>
>> To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
>> Sent: Friday, January 30, 2004 7:29 AM
>> Subject: Re: ServletFilter on j_security_check
>>
>>
>>
>>> The Sun spec team has said that filters can't be applied to
>>
>>
>> j_security_check.
>>
>>> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795
>>>
>>> -Tim
>>>
>>> Frank Febbraro wrote:
>>>
>>>
>>>> Using Tomcat 4.1.x
>>>>
>>>> In looking at the source it seems that there is no simple way to hook
>>
>>
>> into the Login process to get notified of successes or failures 
>> (dammit). So
>> I was attempting to servlet filter the j_security_check and do my own
>> pre/post processing. However I am unable to filter it. Is this URL
>> specifically ignored by the filtering mechanism?
>>
>>>> My web.xml file looks as such...
>>>>
>>>> <filter>
>>>>  <filter-name>login</filter-name>
>>>>  <filter-class>raider.portal.servlet.LoginFilter</filter-class>
>>>> </filter>
>>>>
>>>> <filter-mapping>
>>>>  <filter-name>login</filter-name>
>>>>  <url-pattern>/j_security_check</url-pattern>
>>>> </filter-mapping>
>>>>
>>>> Kinda running out of options at this point, anyone else had a problem
>>
>>
>> similar to needing to audit the login results?
>>
>>>> Thanks in advance,
>>>> Frank
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 


-- 
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message