tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Delbecq <delbd+jaka...@oma.be>
Subject Re: Filter on j_security_check or Alternate way
Date Wed, 19 Sep 2007 12:20:34 GMT
Map a filter to your JSF servlet (faces/*). In that filter check that 
user principal is not null. If it's not null, do your initialization 
stuff if not yet done. When it's done, store that state information in 
session. Here that's how we check and upgrade user profile informations 
upon login.

If you need to do something *before user type in credential infos*, but 
only when *login is required*, you will have to do it from inside the 
JSP that does render the login form
alee amin a écrit :
> yeah i can get info from getPrincipal() but where should i put that code to
> retrieve the info? where should i save the state in session? at login page?
> no - then after login the secured page is going to open - i need to save
> something or process something before it.
>
> -alee
>
> On 9/19/07, Tim Funk <funkman@joedog.org> wrote:
>   
>> Filters are not invoked on j_security_check
>>
>> If you need to do something "special" on login - you will need to store
>> some state in the session. (Like session variable called
>> didInitializeSession)
>>
>> Then the filter can check for the existence of a
>> request.getUserPrincipal() &&
>> session.getAttribute("didInitializeSession") to see if you need to do
>> any special setup work.
>>
>> -Tim
>>
>> alee amin wrote:
>>     
>>> Hi,
>>>
>>> I have implemented form based security on web app using JDBCRealm in
>>> server.xml file. It has been implemented. Now i want to use some pre-req
>>> before accessing any page in secure area say (faces/secure/main.xhtml).
>>>
>>> My index page redirect to faces/secure/main.xhtml where it ask for login
>>>       
>> and
>>     
>>> then the page is shown. I want to interpret the request after the login
>>>       
>> and
>>     
>>> before main.xhtml. I have read different topics and it is not possible
>>>       
>> to
>>     
>>> implement Filter on j_security_check (not sure for tomcat 5.5+). Is
>>>       
>> there
>>     
>>> any way to implement on it or there is any alternate that i can
>>>       
>> interpret
>>     
>>> the request?
>>>
>>> (security constraint on /faces/secure/*)
>>>
>>> I have used an alternate
>>> index -> faces/secure/redirect.jsp -> login (by tomcat) and then
>>> faces/secure/redirect.jsp -> faces/secure/main.xhtml (redirecting to
>>>       
>> this
>>     
>>> page from redirect page). I implemented the FILTER on redirect.jsp. It
>>>       
>> is
>>     
>>> invoking but i am not liking the method.
>>>
>>>       
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>     
>
>
>   

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message