tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Frank W. Zammetti" <>
Subject Re: j_security_check & sessions
Date Mon, 01 Aug 2005 13:50:08 GMT
AFAIK, no, there is no way to do it.  Here at work we've built a whole
security framework that works hand-in-hand with J2EE security,
specifically to deal with shortcomings just like this.

In our framework, we have a filter who has a couple of functions, and one
of them is exactly what you describe.  Since j_security_check is nothing
but a servlet that a request is redirected to when intercepted, you still
have the opportunity to have a filter fire, so you can grab j_username and
j_password if you wish and stick them in session (assuming it is created
already... you may have set things up to not have a session at that

Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies

On Mon, August 1, 2005 9:04 am, Chris Holden said:
> Hi, I am using the built in security constraints to password protect some
> directories in my app. It works fine, but I was wondering when someone
> uses the login form to get to the passworded directory or page, is it
> possible to get the username and/or password that the user submits in the
> j_security_check form? I'd like to be able to set a cookie or session
> variable with the persons username in after they log in so the next time
> they come back to the site they see a personalised greeting kind of thing.
> I've tried printing out all request attributes/parameters, session
> variables and cookies after and before login but apart from the sessionid
> there isnt anything set.
> Does anyone know how to do what I want?
> Cheers,
> Chris.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message