tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin O'Shea" <app...@dsl.pipex.com>
Subject RE: Detecting a login or logoff event
Date Thu, 06 Oct 2011 14:04:42 GMT
Unfortunately I'm not using spring in my application but thanks anyway.

-----Original Message-----
From: Chema [mailto:demablogia@gmail.com] 
Sent: 06 Oct 2011 15 02
To: Tomcat Users List
Subject: Re: Detecting a login or logoff event

For logout, you can implement a HttpSessionListener .
It has got a method:

public void sessionDestroyed(HttpSessionEvent se)

It's invoked when http session is invalidated. ( session.invalidated() )

So, you have to invalidate http session when user makes logout ( i.e, user
clicks a logout button and calls a servlet ) To capture when user is closing
the browser , you need use javascript events and throw a call to the server.
Maybe, a filter can be use to capture this event

For login, you can use Spring Security
Maybe for logout too, but I don't know it Or your use your own filters




2011/10/6 Martin O'Shea <appy74@dsl.pipex.com>

> I need to be able to intercept a successful authentication of a login 
> / logout request which can then be used to make a series of system 
> updates to record the fact.
>
> So, if John Doe has just logged in successfully, an update is made to 
> his session like:
>
> session.setAttribute("loggedIntoSession", true);
>
> Or an update made to the database?
>
> Conversely, upon logout:
>
> session.setAttribute("loggedIntoSession", false);
>
> At the moment, I am thinking about scriptlets in the pages served 
> testing the request's servlet path after login is successful but is a
filter better?
> But if so, what might a filter check for?
>
> -----Original Message-----
> From: Martin O'Shea [mailto:appy74@dsl.pipex.com]
> Sent: 05 Oct 2011 23 06
> To: 'Tomcat Users List'
> Subject: RE: Using multiple login pages
>
> Thanks for this Chris. It is food for thought.
>
> I was under the impression that <form-login-page> was static, because 
> that's how I seen it used in apps I've worked on.
>
> But I am curious to try a filter as well, something like this mapped 
> to the
> login:
>
> public void doFilter(ServletRequest request, ServletResponse response, 
> FilterChain chain) throws java.io.IOException, ServletException {
>
>
>      HttpServletRequest req = (HttpServletRequest)request;
>      HttpServletResponse res = (HttpServletResponse)response;
>
>      // pre login action
>
>      // get username
>      String username = req.getParameter("j_username");
>
>      // if user is in revoked list send error
>      if ( revokeList.contains(username) ) {
>
res.sendError(javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED);
>      return;
>      }
>
>      // call next filter in the chain : let j_security_check authenticate
>      // user
>      chain.doFilter(request, response);
>
>      // post login action
>
>   }
>
> I wouldn't mind seeing a servlet specified as <form-login-page> if you 
> know of an example.
>
> -----Original Message-----
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Sent: 05 Oct 2011 22 08
> To: Tomcat Users List
> Subject: Re: Using multiple login pages
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Martin,
>
> On 10/5/2011 1:59 PM, Martin O'Shea wrote:
> > I have it now. There was a redirection going on in a method called 
> > from a scriptlet in the login page. It now seems to be OK.
>
> Glad you got it going.
>
> > But one thing bugs me still: you said that you can have 'different 
> > login pages for different types of resources you're trying to 
> > reach.' Can you give any pointers about this?
>
> A "page" is defined as whatever the server responds when you request a 
> resource. The <form-login-page> you configure in your web.xml can be
> dynamic: you can do whatever you want in that page. It doesn't have to 
> be a static <form> that always looks the same. You can 
> include/forward/etc from that page. It doesn't even have to be a JSP.
> You can configure the <login-form-page> to be a servlet that makes 
> decisions and forwards to some other .jsp file.
>
> Use your imagination.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk6MxyEACgkQ9CaO5/Lv0PByHACfZL9ykx3wPGApX1yyzjxYwkQR
> Rf4AoJG5DnnBtbIFYzZsKSLzPJOjJq2j
> =A5GW
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message