tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mario Winterer <mario.winte...@eduhi.at>
Subject Re: AW: Login filter
Date Thu, 03 Feb 2005 20:49:41 GMT
Hi Ben!

You cannot hook in the login validation process without touching tomcat 
code.
But usually, this is not necessary. Just write a filter and map it to 
"/" - every request will be directed to your filter - except requests to 
"j_security_check". But this should not bother you, because your filter 
will be invoked right after a successful login process.
Inside your filter code, check if a certain session-attribute is set. If 
not, it is the first time after session creation that your filter is 
called. If this is the case, do whatever you intend to do and set the 
session-attribute to ensure that your code is only run once.

In pseudo-code (inside your filter's doFilter()-method):

if (request.getRemoteUser() == null) {
    // user is not logged in: clear session attribute if set
    session.removeAttribute("login");
} else if (session.getAttribute("login") == null) {
    // user is logged in but this filter has not been called since
    <put your special code here>
    // set the session attribute to avoid that the "special code" above 
is called twice:
    session.setAttribute("login", "true");
}

Best regards,
  Tex

>Hi Tim,
>
>Apologies for hassling you again with this.
>
>Any idea without getting inside of the TC source, how I can
>write some code just b4 and after the user login validation into the webapp
>with using the TC Realm
>and j_security_check ?? or must I go inside of the source :-(
>
>regards
>Ben
>p.s. I got this idea from a ibm websphere help doc, where it is possible !
>
>
>-----Ursprungliche Nachricht-----
>Von: Tim Funk [mailto:funkman@joedog.org]
>Gesendet: Donnerstag, 3. Februar 2005 12:41
>An: Tomcat Users List
>Betreff: Re: Login filter
>
>
>Filters cannot be run on j_security_check.
>
>-Tim
>
>Ben Bookey wrote:
>
>  
>
>>Dear List,
>>
>>I would like to perform an action after the user logs in to our app.
>>We are using the tomcat Realm security model, with an Oracle database.
>>So therefoer I am trying to implement a filter in Tomcat 4.1.27, which
>>checks for all requests on the url /j_security_check
>>
>>I know my filter is initialised because I do a out.println
>>to a logfile. But for some reason when I do a successful login
>>it doesnt perform the doFilter() method, so I suspect its something
>>to with the mapping below.
>>
>>Any hints?
>>
>>regards
>>
>>
>>    
>>
>'===========================================================================
>  
>
>>================
>>Here is the entry to the web.xml
>>  <filter>
>>			<filter-name>LoginFilter</filter-name>
>>			<description>Performs pre-login and post-login operation</description>
>>			<filter-class>com.myorg.myapp.filter.LoginFilter</filter-class>
>>  </filter>
>>  <filter-mapping>
>>			<filter-name>LoginFilter</filter-name>
>>			<url-pattern>/j_security_check</url-pattern>
>>  </filter-mapping>
>>
>>    
>>
>'===========================================================================
>  
>
>>==================
>>    
>>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message