You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Adam Hardy <ah...@cyberspaceroad.com> on 2004/02/01 19:57:53 UTC
Re: ServletFilter on j_security_check
Frank,
if you develop a JAAS login module, you can get it to do pretty much
anything you want, apart from having instant access to that user's
session. You could write the login attempts to a database for instance.
Adam
On 01/31/2004 11:51 PM Tim Funk wrote:
> Yeah. Use a Valve. A Valve is just like a filter but is tomcat dependent
> and is issued before any filters are invoked.
>
> Any such functionality your looking for is NOT Servlet spec specific so
> whatever solution you use - you'll be locked into that container.
>
> -Tim
>
> Frank Febbraro wrote:
>
>> Well that sucks :-(
>>
>> Any change that in the future Tomcat can have somethign silimar to the
>> auth-filter in WebLogic...basically just a way to hookup (via
>> interface) a
>> class that can be notified of these events?
>>
>> Guess I need to break out my papers and roll my own....again.
>>
>> For those with problems such as these, check out
>> http://opensource.atlassian.com/seraph/introduction.html
>>
>> ----- Original Message ----- From: "Tim Funk" <fu...@joedog.org>
>> To: "Tomcat Users List" <to...@jakarta.apache.org>
>> Sent: Friday, January 30, 2004 7:29 AM
>> Subject: Re: ServletFilter on j_security_check
>>
>>
>>
>>> The Sun spec team has said that filters can't be applied to
>>
>>
>> j_security_check.
>>
>>> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795
>>>
>>> -Tim
>>>
>>> Frank Febbraro wrote:
>>>
>>>
>>>> Using Tomcat 4.1.x
>>>>
>>>> In looking at the source it seems that there is no simple way to hook
>>
>>
>> into the Login process to get notified of successes or failures
>> (dammit). So
>> I was attempting to servlet filter the j_security_check and do my own
>> pre/post processing. However I am unable to filter it. Is this URL
>> specifically ignored by the filtering mechanism?
>>
>>>> My web.xml file looks as such...
>>>>
>>>> <filter>
>>>> <filter-name>login</filter-name>
>>>> <filter-class>raider.portal.servlet.LoginFilter</filter-class>
>>>> </filter>
>>>>
>>>> <filter-mapping>
>>>> <filter-name>login</filter-name>
>>>> <url-pattern>/j_security_check</url-pattern>
>>>> </filter-mapping>
>>>>
>>>> Kinda running out of options at this point, anyone else had a problem
>>
>>
>> similar to needing to audit the login results?
>>
>>>> Thanks in advance,
>>>> Frank
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org