tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torsten Römer <>
Subject Re: Performing an action on form-based login
Date Tue, 24 May 2005 18:20:25 GMT
Hi Ross,

Ross Nicoll schrieb:
> We're having more or less the same problem. Is there perhaps a chance
> of a UserFormLoginListener in a future version of Tomcat? Anyone have
> any advice on this?

Such a listener would be nice...

I now went for a filter (as seen in another post) and I am very 
satisfied with how it works. I mapped the filter to the URL-pattern "/*" 
so all requests go to it. In the doFilter() method I use 
request.getRemoteUser() to differentiate between an authenticated and a 
"guest" session. Then I store some "User" object in the session and use 
it to check if the session is new or if a user has just logged in.

If you like I post some details.
> Some reliable method for logging out a user would also be extremely useful.

This you probably know anyway, but I use 
request.getSession(false).invalidate() and then I redirect to the main 
page. As I understand the new request made by the redirect causes a 
clean new session to be created. At least I can say it works fine for me.

> On 5/22/05, Torsten Römer <> wrote:
>>This question has been asked (and answered to) earlier, but I am still
>>I am using container managed security with form-based authentication. I
>>am really happy with how it works. But now I would like to perform an
>>action when a user has authenticated, such as loading user preferences
>>and store them in the session.
>>First I thought I could use a HttpSessionListener for that. Now I know
>>when a new session has been created, but what I am missing is the
>>username. The only way to get it seems to be from a request using
>>getRemoteUser(). Or am I wrong? I really hope I am...
>>I read about setting up a filter but then read somewhere else that this
>>is not reliable.
>>I also found this article "Active Authentication"
>> which sounds interesting but the
>>link to the source code is broken, so I don't get how to implement that.
>>Can someone help me out?
>>To unsubscribe, e-mail:
>>For additional commands, e-mail:
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message