tomcat-users mailing list archives

From "Frank W. Zammetti" <fzli...@omnytex.com>
Subject Re: j_security_check & sessions
Date Mon, 01 Aug 2005 13:50:08 GMT
AFAIK, no, there is no way to do it.  Here at work we've built a whole
security framework that works hand-in-hand with J2EE security,
specifically to deal with shortcomings just like this.

In our framework, we have a filter that has a couple of functions, and one
of them is exactly what you describe.  Since j_security_check is nothing
but a servlet that a request is redirected to when intercepted, you still
have the opportunity to have a filter fire, so you can grab j_username and
j_password if you wish and stick them in session (assuming it is created
already... you may have set things up to not have a session at that
point).

-- 
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com

On Mon, August 1, 2005 9:04 am, Chris Holden said:
> Hi, I am using the built-in security constraints to password protect some
> directories in my app. It works fine, but I was wondering when someone
> uses the login form to get to the passworded directory or page, is it
> possible to get the username and/or password that the user submits in the
> j_security_check form? I'd like to be able to set a cookie or session
> variable with the person's username in after they log in so the next time
> they come back to the site they see a personalised greeting kind of thing.
>
> I've tried printing out all request attributes/parameters, session
> variables and cookies after and before login but apart from the sessionid
> there isn't anything set.
>
> Does anyone know how to do what I want?
>
>
> Cheers,
>
> Chris.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
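
A filter for the personalised-greeting case in this thread, as an added example that is not part of either message or of the framework the reply mentions. It reads the name from the container after authentication (request.getRemoteUser()), so it does not depend on a filter being invoked for the j_security_check request and never handles the password. The class name RememberUserFilter and the attribute name greetingUser are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical filter: map it in web.xml to the same url-patterns as the
// security-constraint, so it runs on requests the container has authenticated.
public class RememberUserFilter implements Filter {

    // Hypothetical session attribute name, read later by the greeting page.
    static final String ATTR = "greetingUser";

    public void init(FilterConfig config) {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;

            // Null until the container has authenticated the caller.
            String user = http.getRemoteUser();

            // getSession(false): never create a session just to store the name.
            HttpSession session = http.getSession(false);

            // Store only the principal name, once per session; the submitted
            // j_password is never read or kept.
            if (user != null && session != null
                    && session.getAttribute(ATTR) == null) {
                session.setAttribute(ATTR, user);
            }
        }
        chain.doFilter(req, res);
    }

    public void destroy() {}
}
```

The greeting page should HTML-escape the stored name when it renders it.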

