tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmk <>
Subject Re: j_security_check get password on the request
Date Thu, 04 Sep 2008 09:09:46 GMT

thanks Christopher,

I found another solution, I use a custom class UserPricipal with userName
and userId parameter, when the user is autheticated, I populate userId. on
the servlet, 
I get the UserPrincipal object from the request.

best regards!

Christopher Schultz-2 wrote:
> Hash: SHA1
> lmk,
> lmk wrote:
>> Im using form based jaas authentication, I have to call a stored
>> procedure 
>> with the user name and password to ininitialize some business objects!
>> how can I get the password  on the j_security_check request?
>> can we use servlet filter to do this
> Unfortunately, Tomcat does not give your application code any
> opportunity to fetch the credentials or anything else from the request
> when using container-managed authentication.
> We had a similar problem in that we wanted to update the "last login
> time" of the user, and also lost user prefs from our database. We
> decided to write a filter that basically did this:
> Check session for a marker object with session key "USER"
>  a. If marker exists, do nothing and chain to the next filter
>  b. If marker does not exist, perform database UPDATE and SELECT,
>     then insert USER marker into the session
> This has worked very well for us for quite a while. It also has the
> added benefit of separating the concerns of authentication and
> authorization with login logic.
> - -chris
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla -
> iEYEARECAAYFAki+uo0ACgkQ9CaO5/Lv0PDoAQCeLHhb2AyyhAaOLzdMKArgdlKw
> o1MAmwYtyJfoHHkdwbJ327sEjt4cw9rN
> =2pwJ
> ---------------------------------------------------------------------
> To start a new topic, e-mail:
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View this message in context:
Sent from the Tomcat - User mailing list archive at

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message