tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: extending JDBCRealm
Date Thu, 05 Oct 2006 22:26:30 GMT

Check out Securityfilter:

I have submitted patches and sample (check the forums) that include the
ability to get access to the IP, etc.

My app currently logs successful and failed login attempts.

As for "logging" the user in... that's not really part of authentication
or authorization, is it? I maintain that logic such as that should not
be in the component that is doing your AAA.

What I have done is create a Filter that checks to see if the user's
session contains my own "user" object. If not, I "log them in" and stick
their user object into the session.

This setup (including Securityfilter) is completely portable across app
servers if you find yourself in the unfortunate situation of having to


Magnus Bergman wrote:
> Hi,
> I'm using the JDBCRealm to authorize users to access my applications.
> I would like to "log" users when they login or tries to login to any
> application on my tomcat, to do this I have extended the JDBCRealm and
> overridden the authenticate-methods, by this I can log when and which
> user login to any application on my tomcat, but I also want to log which
> host/ip-number they login from? I know that information is in the
> HttpServletRequest, but how do I get hold of that information in my
> extended JDBCRealm? Or maybe there is a better way to solve this?
> /magnus
> ---------------------------------------------------------------------
> To start a new topic, e-mail:
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View raw message