tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmk <lotf...@yahoo.fr>
Subject Re: j_security_check get password on the request
Date Thu, 04 Sep 2008 09:09:46 GMT

thanks Christopher,

I found another solution, I use a custom class UserPricipal with userName
and userId parameter, when the user is autheticated, I populate userId. on
the servlet, 
I get the UserPrincipal object from the request.

best regards!



Christopher Schultz-2 wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> lmk,
> 
> lmk wrote:
>> Im using form based jaas authentication, I have to call a stored
>> procedure 
>> with the user name and password to ininitialize some business objects!
>> 
>> how can I get the password  on the j_security_check request?
>> 
>> can we use servlet filter to do this
> 
> Unfortunately, Tomcat does not give your application code any
> opportunity to fetch the credentials or anything else from the request
> when using container-managed authentication.
> 
> We had a similar problem in that we wanted to update the "last login
> time" of the user, and also lost user prefs from our database. We
> decided to write a filter that basically did this:
> 
> Check session for a marker object with session key "USER"
>  a. If marker exists, do nothing and chain to the next filter
>  b. If marker does not exist, perform database UPDATE and SELECT,
>     then insert USER marker into the session
> 
> This has worked very well for us for quite a while. It also has the
> added benefit of separating the concerns of authentication and
> authorization with login logic.
> 
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAki+uo0ACgkQ9CaO5/Lv0PDoAQCeLHhb2AyyhAaOLzdMKArgdlKw
> o1MAmwYtyJfoHHkdwbJ327sEjt4cw9rN
> =2pwJ
> -----END PGP SIGNATURE-----
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/j_security_check-get-password-on-the-request-tp19255065p19306306.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message