tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Detecting a login or logoff event
Date Thu, 06 Oct 2011 14:05:19 GMT
> From: Martin O'Shea [mailto:appy74@dsl.pipex.com] 
> Subject: Detecting a login or logoff event

> I need to be able to intercept a successful authentication of a 
> login / logout request which can then be used to make a series
> of system updates to record the fact.

> I am thinking about scriptlets in the pages served testing the 
> request's servlet path after login is successful

If the integrity of your information is dependent on actions of the client, you have no data
integrity.  There's nothing stopping a client from disabling scripts, running their own scripts,
or doing anything else by accident or intent - you cannot control that.  Anything you do for
tracking must be done on the server side.

You probably can use a filter, but a Listener might be more appropriate.  See section 10 of
the servlet spec.  (Make sure you're looking at the current spec for the Tomcat version you're
using; the 2.2 spec you referenced earlier is badly out of date.)

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.

Mime
View raw message