tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torsten Römer <torsten.roe...@luniks.net>
Subject Re: Performing an action on form-based login
Date Tue, 24 May 2005 18:20:25 GMT
Hi Ross,

Ross Nicoll schrieb:
> We're having more or less the same problem. Is there perhaps a chance
> of a UserFormLoginListener in a future version of Tomcat? Anyone have
> any advice on this?

Such a listener would be nice...

I now went for a filter (as seen in another post) and I am very 
satisfied with how it works. I mapped the filter to the URL-pattern "/*" 
so all requests go to it. In the doFilter() method I use 
request.getRemoteUser() to differentiate between an authenticated and a 
"guest" session. Then I store some "User" object in the session and use 
it to check if the session is new or if a user has just logged in.

If you like I post some details.
> 
> Some reliable method for logging out a user would also be extremely useful.

This you probably know anyway, but I use 
request.getSession(false).invalidate() and then I redirect to the main 
page. As I understand the new request made by the redirect causes a 
clean new session to be created. At least I can say it works fine for me.

> 
> On 5/22/05, Torsten Römer <torsten.roemer@luniks.net> wrote:
>>This question has been asked (and answered to) earlier, but I am still
>>unsure:
>>
>>I am using container managed security with form-based authentication. I
>>am really happy with how it works. But now I would like to perform an
>>action when a user has authenticated, such as loading user preferences
>>and store them in the session.
>>
>>First I thought I could use a HttpSessionListener for that. Now I know
>>when a new session has been created, but what I am missing is the
>>username. The only way to get it seems to be from a request using
>>getRemoteUser(). Or am I wrong? I really hope I am...
>>
>>I read about setting up a filter but then read somewhere else that this
>>is not reliable.
>>
>>I also found this article "Active Authentication"
>>http://java.sys-con.com/read/37660.htm which sounds interesting but the
>>link to the source code is broken, so I don't get how to implement that.
>>
>>Can someone help me out?
>>
>>Torsten
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message