Posted to users@tomcat.apache.org by alee amin <ma...@gmail.com> on 2007/09/19 12:52:10 UTC

Filter on j_security_check or Alternate way

Hi,

I have implemented form based security on a web app using JDBCRealm in the
server.xml file. It has been implemented. Now I want to use some pre-req
before accessing any page in the secure area, say (faces/secure/main.xhtml).

My index page redirects to faces/secure/main.xhtml, where it asks for login and
then the page is shown. I want to interpret the request after the login and
before main.xhtml. I have read different topics and it is not possible to
implement a Filter on j_security_check (not sure for Tomcat 5.5+). Is there
any way to implement it, or is there any alternative so that I can interpret
the request?

(security constraint on /faces/secure/*)

I have used an alternative:
index -> faces/secure/redirect.jsp -> login (by Tomcat) and then
faces/secure/redirect.jsp -> faces/secure/main.xhtml (redirecting to this
page from the redirect page). I implemented the FILTER on redirect.jsp. It is
invoked, but I do not like the method.

So, is there any possible thing I can do?

cheer,
..alee

-- 
Muhammad Ali
http://techboard.wordpress.com
Software Engineer - E2ESP
muhammadaliamin(at)gmail(dot)com

Re: Filter on j_security_check or Alternate way

Posted by David Delbecq <de...@oma.be>.
Map a filter to your JSF servlet (faces/*). In that filter, check that the
user principal is not null. If it's not null, do your initialization
stuff if not yet done. When it's done, store that state information in the
session. That's how we check and upgrade user profile information
upon login here.

If you need to do something *before the user types in credential info*, but
only when *login is required*, you will have to do it from inside the
JSP that renders the login form.

alee amin wrote:
> yeah i can get info from getPrincipal() but where should i put that code to
> retrieve the info? where should i save the state in session? at login page?
> no - then after login the secured page is going to open - i need to save
> something or process something before it.
>
> -alee
>
> On 9/19/07, Tim Funk <fu...@joedog.org> wrote:
>   
>> Filters are not invoked on j_security_check
>>
>> If you need to do something "special" on login - you will need to store
>> some state in the session. (Like session variable called
>> didInitializeSession)
>>
>> Then the filter can check for the existence of a
>> request.getUserPrincipal() &&
>> session.getAttribute("didInitializeSession") to see if you need to do
>> any special setup work.
>>
>> -Tim
>>
>> alee amin wrote:
>>> Hi,
>>>
>>> I have implemented form based security on web app using JDBCRealm in
>>> server.xml file. It has been implemented. Now i want to use some pre-req
>>> before accessing any page in secure area say (faces/secure/main.xhtml).
>>>
>>> My index page redirect to faces/secure/main.xhtml where it ask for login and
>>> then the page is shown. I want to interpret the request after the login and
>>> before main.xhtml. I have read different topics and it is not possible to
>>> implement Filter on j_security_check (not sure for tomcat 5.5+). Is there
>>> any way to implement on it or there is any alternate that i can interpret
>>> the request?
>>>
>>> (security constraint on /faces/secure/*)
>>>
>>> I have used an alternate
>>> index -> faces/secure/redirect.jsp -> login (by tomcat) and then
>>> faces/secure/redirect.jsp -> faces/secure/main.xhtml (redirecting to this
>>> page from redirect page). I implemented the FILTER on redirect.jsp. It is
>>> invoking but i am not liking the method.
>>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org


Re: Filter on j_security_check or Alternate way

Posted by alee amin <ma...@gmail.com>.
Yeah, I can get info from getPrincipal(), but where should I put that code to
retrieve the info? Where should I save the state in the session? At the login page?
No - then after login the secured page is going to open - I need to save
something or process something before it.

-alee

On 9/19/07, Tim Funk <fu...@joedog.org> wrote:
>
> Filters are not invoked on j_security_check
>
> If you need to do something "special" on login - you will need to store
> some state in the session. (Like session variable called
> didInitializeSession)
>
> Then the filter can check for the existence of a
> request.getUserPrincipal() &&
> session.getAttribute("didInitializeSession") to see if you need to do
> any special setup work.
>
> -Tim
>
> alee amin wrote:
> > Hi,
> >
> > I have implemented form based security on web app using JDBCRealm in
> > server.xml file. It has been implemented. Now i want to use some pre-req
> > before accessing any page in secure area say (faces/secure/main.xhtml).
> >
> > My index page redirect to faces/secure/main.xhtml where it ask for login and
> > then the page is shown. I want to interpret the request after the login and
> > before main.xhtml. I have read different topics and it is not possible to
> > implement Filter on j_security_check (not sure for tomcat 5.5+). Is there
> > any way to implement on it or there is any alternate that i can interpret
> > the request?
> >
> > (security constraint on /faces/secure/*)
> >
> > I have used an alternate
> > index -> faces/secure/redirect.jsp -> login (by tomcat) and then
> > faces/secure/redirect.jsp -> faces/secure/main.xhtml (redirecting to this
> > page from redirect page). I implemented the FILTER on redirect.jsp. It is
> > invoking but i am not liking the method.


-- 
Muhammad Ali
http://techboard.wordpress.com
Software Engineer - E2ESP
muhammadaliamin(at)gmail(dot)com

Re: Filter on j_security_check or Alternate way

Posted by Tim Funk <fu...@joedog.org>.
Filters are not invoked on j_security_check

If you need to do something "special" on login - you will need to store 
some state in the session. (Like session variable called 
didInitializeSession)

Then the filter can check for the existence of a 
request.getUserPrincipal() && 
session.getAttribute("didInitializeSession") to see if you need to do 
any special setup work.

-Tim

alee amin wrote:
> Hi,
> 
> I have implemented form based security on web app using JDBCRealm in
> server.xml file. It has been implemented. Now i want to use some pre-req
> before accessing any page in secure area say (faces/secure/main.xhtml).
> 
> My index page redirect to faces/secure/main.xhtml where it ask for login and
> then the page is shown. I want to interpret the request after the login and
> before main.xhtml. I have read different topics and it is not possible to
> implement Filter on j_security_check (not sure for tomcat 5.5+). Is there
> any way to implement on it or there is any alternate that i can interpret
> the request?
> 
> (security constraint on /faces/secure/*)
> 
> I have used an alternate
> index -> faces/secure/redirect.jsp -> login (by tomcat) and then
> faces/secure/redirect.jsp -> faces/secure/main.xhtml (redirecting to this
> page from redirect page). I implemented the FILTER on redirect.jsp. It is
> invoking but i am not liking the method.
> 
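
The approach described in the replies (a filter on faces/* that checks the user principal and a session flag) could look like the following. This is an added example, not code posted by anyone in the thread; the class name `PostLoginInitFilter`, the `initializeUser` hook and the `loginName` attribute are hypothetical, and it assumes the `javax.servlet` API of the Tomcat versions discussed (newer Tomcat releases use `jakarta.servlet`).

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added example. Map this filter in web.xml to the url-pattern /faces/* so it
// sees the first request that reaches the JSF servlet after the container has
// handled j_security_check (which itself never passes through filters).
public class PostLoginInitFilter implements Filter {

    // Session flag name as suggested in the thread.
    private static final String INIT_FLAG = "didInitializeSession";

    public void init(FilterConfig config) {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        Principal user = request.getUserPrincipal();

        if (user != null) {
            HttpSession session = request.getSession();
            if (session.getAttribute(INIT_FLAG) == null) {
                // Two first requests arriving in parallel can both get here,
                // so the setup work must be safe to run more than once.
                initializeUser(session, user);
                // Set the flag only after setup succeeded; if it threw, the
                // next request retries instead of skipping initialization.
                session.setAttribute(INIT_FLAG, Boolean.TRUE);
            }
        }
        // This filter makes no access decision: unauthenticated requests are
        // passed on and the security-constraint on /faces/secure/* still
        // decides whether the container demands a login.
        chain.doFilter(req, res);
    }

    // Hypothetical hook: load profile data, write an audit record, and so on.
    private void initializeUser(HttpSession session, Principal user) {
        session.setAttribute("loginName", user.getName());
    }

    public void destroy() {}
}
```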
