You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Chema <de...@gmail.com> on 2011/07/18 12:03:33 UTC
Init HTTP session during realm authentication stage
Hi all:
I'm using realm tool for user authentication on Tomcat 7
I've made a custom realm overriding authenticate() method of
DataSourceRealm class.
And all works fine.
But I would like to initialize HTTP session in this stage with user data.
My custom authenticate() method queries user data to check if exists
or not , and I wouldn't like to have to call another service to
perform the same query.
Is this possible ? Any ideas ??
Thanks and regards
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Init HTTP session during realm authentication stage
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chema,
On 7/18/2011 9:16 AM, Chema wrote:
> Now I'm trying to use filters. When realm code validates an user ,
> redirect to protected resource. If I can filter this redirection and
> load user data into session, I think that could works
This is how we do things using a custom Realm. We allow Tomcat to go
about it's business setting the Principal in the request, and then we
use a Filter to detect that the Principal is set but no "user" object is
in the session. At that point, we perform the "real" login and do
whatever is necessary on top of the actual authentication.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk4kSlwACgkQ9CaO5/Lv0PADegCeL2PnZlp0tUy19OFqcoPIGSzE
wokAoIg440qywv9coCciX1gmuCLKYHlp
=1Qac
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Init HTTP session during realm authentication stage
Posted by Chema <de...@gmail.com>.
2011/7/18 Chema <de...@gmail.com>
>>
>
> Yes, could be useful :-)
>
> Thanks
>
I guess it's not so useful than I thought :-/
The reason is that HttpSessionListener.sessionCreated method is
invoked always when Tomcat server receives the first petition.
Session is not created by realm code when user is validated.
Now I'm trying to use filters. When realm code validates an user ,
redirect to protected resource. If I can filter this redirection and
load user data into session, I think that could works
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Init HTTP session during realm authentication stage
Posted by Chema <de...@gmail.com>.
2011/7/18 chris derham <ch...@derham.me.uk>:
>
> Couldn't you just implement HttpSessionListener?
>
> Chris
>
Yes, could be useful :-)
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Init HTTP session during realm authentication stage
Posted by chris derham <ch...@derham.me.uk>.
>
> But I would like to initialize HTTP session in this stage with user data.
> My custom authenticate() method queries user data to check if exists
> or not , and I wouldn't like to have to call another service to
> perform the same query.
>
Couldn't you just implement HttpSessionListener?
Chris