tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: j_security_check get password on the request
Date Wed, 03 Sep 2008 16:25:50 GMT

lmk,

lmk wrote:
> I'm using form-based JAAS authentication. I have to call a stored procedure
> with the user name and password to initialize some business objects!
>
> How can I get the password on the j_security_check request?
>
> Can we use a servlet filter to do this?

Unfortunately, Tomcat does not give your application code any
opportunity to fetch the credentials or anything else from the request
when using container-managed authentication.

We had a similar problem in that we wanted to update the "last login
time" of the user, and also lost user prefs from our database. We
decided to write a filter that basically did this:

Check session for a marker object with session key "USER"
 a. If marker exists, do nothing and chain to the next filter
 b. If marker does not exist, perform database UPDATE and SELECT,
    then insert USER marker into the session

This has worked very well for us for quite a while. It also has the
added benefit of separating the concerns of authentication and
authorization with login logic.

-chris
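The filter outlined in the message above, written out as an added example (not code from the original post or from its author). It keys off `request.getRemoteUser()`, which the container sets after login, so the password never reaches application code. The class name `LoginInitFilter`, the JNDI name `jdbc/appdb`, and the `users` table with `username`, `last_login` and `prefs` columns are assumptions.

```java
import java.io.IOException;
import java.sql.*;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.sql.DataSource;

public class LoginInitFilter implements Filter {
    private static final String MARKER = "USER"; // session key named in the message
    private DataSource ds;

    public void init(FilterConfig cfg) throws ServletException {
        try { // assumed JNDI name; needs a matching <Resource> in the webapp context
            ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/appdb");
        } catch (NamingException e) {
            throw new ServletException(e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        String user = http.getRemoteUser(); // null until the container has authenticated
        if (user != null) {
            HttpSession session = http.getSession();
            if (session.getAttribute(MARKER) == null) { // step b: first request after login
                try {
                    session.setAttribute(MARKER, recordLogin(user));
                } catch (SQLException e) {
                    throw new ServletException("login initialisation failed", e);
                }
            }
        }
        chain.doFilter(req, res); // step a: marker present (or anonymous), just chain
    }

    // UPDATE then SELECT with bound parameters; never returns null, because
    // setAttribute(key, null) would remove the marker and re-run this on every request.
    private String recordLogin(String user) throws SQLException {
        String up = "UPDATE users SET last_login = CURRENT_TIMESTAMP WHERE username = ?";
        String sel = "SELECT prefs FROM users WHERE username = ?"; // assumed schema
        try (Connection c = ds.getConnection();
             PreparedStatement u = c.prepareStatement(up);
             PreparedStatement s = c.prepareStatement(sel)) {
            u.setString(1, user);
            u.executeUpdate();
            s.setString(1, user);
            try (ResultSet rs = s.executeQuery()) {
                String prefs = rs.next() ? rs.getString(1) : null;
                return prefs != null ? prefs : "";
            }
        }
    }

    public void destroy() { }
}
```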
