tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Kirk" <tomcat-u...@web-startup.co.uk>
Subject RE: Performing an action on form-based login
Date Wed, 25 May 2005 12:55:01 GMT

Not maybe of direct help unless you get really stuck, but my approach was to
use TCs sessions, but not its authentication framework.  My original
reasoning for this was that I wanted login details to be in a RDMS table
along with other data.  So I coded the login/logout process myself, which
was a little work to achieve, but gives me freedom to handle the sorts of
things you are talking about in a flexible way.

My way around the problem you describe is that when someone successfully
authenticates, I add their uid to the session object as a String in the
doGet() method:

	String uid = request.getParameter("form_uid_field");
	request.getSession(true).setAttribute(uid, null);

And because the uid is now accessible via the session object, when your
SessionListener catches the attributeAdded/Changed/Replaced events, they
pass a HttpSessionBindingEvent, from which you can call
.getSession().getAttribute("uid")

> -----Original Message-----
> From: Ross Nicoll [mailto:xugumad@gmail.com] 
> Sent: Tuesday 24 May 2005 15:17
> To: Tomcat Users List
> Subject: Re: Performing an action on form-based login
> 
> 
> We're having more or less the same problem. Is there perhaps a chance
> of a UserFormLoginListener in a future version of Tomcat? Anyone have
> any advice on this?
> 
> Some reliable method for logging out a user would also be 
> extremely useful.
> 
> On 5/22/05, Torsten Römer <torsten.roemer@luniks.net> wrote:
> > This question has been asked (and answered to) earlier, but 
> I am still
> > unsure:
> > 
> > I am using container managed security with form-based 
> authentication. I
> > am really happy with how it works. But now I would like to 
> perform an
> > action when a user has authenticated, such as loading user 
> preferences
> > and store them in the session.
> > 
> > First I thought I could use a HttpSessionListener for that. 
> Now I know
> > when a new session has been created, but what I am missing is the
> > username. The only way to get it seems to be from a request using
> > getRemoteUser(). Or am I wrong? I really hope I am...
> > 
> > I read about setting up a filter but then read somewhere 
> else that this
> > is not reliable.
> > 
> > I also found this article "Active Authentication"
> > http://java.sys-con.com/read/37660.htm which sounds 
> interesting but the
> > link to the source code is broken, so I don't get how to 
> implement that.
> > 
> > Can someone help me out?
> > 
> > Torsten
> > 
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > 
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message