Posted to users@tomcat.apache.org by Torsten Römer <to...@luniks.net> on 2005/05/22 16:31:15 UTC
Performing an action on form-based login
This question has been asked (and answered to) earlier, but I am still
unsure:
I am using container managed security with form-based authentication. I
am really happy with how it works. But now I would like to perform an
action when a user has authenticated, such as loading user preferences
and storing them in the session.
First I thought I could use a HttpSessionListener for that. Now I know
when a new session has been created, but what I am missing is the
username. The only way to get it seems to be from a request using
getRemoteUser(). Or am I wrong? I really hope I am...
I read about setting up a filter but then read somewhere else that this
is not reliable.
I also found this article "Active Authentication"
http://java.sys-con.com/read/37660.htm which sounds interesting but the
link to the source code is broken, so I don't get how to implement that.
Can someone help me out?
Torsten
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Performing an action on form-based login
Posted by Torsten Römer <to...@luniks.net>.
Hi Ross,
Ross Nicoll wrote:
> We're having more or less the same problem. Is there perhaps a chance
> of a UserFormLoginListener in a future version of Tomcat? Anyone have
> any advice on this?
Such a listener would be nice...
I now went for a filter (as seen in another post) and I am very
satisfied with how it works. I mapped the filter to the URL-pattern "/*"
so all requests go to it. In the doFilter() method I use
request.getRemoteUser() to differentiate between an authenticated and a
"guest" session. Then I store some "User" object in the session and use
it to check if the session is new or if a user has just logged in.
If you like, I can post some details.
>
> Some reliable method for logging out a user would also be extremely useful.
This you probably know anyway, but I use
request.getSession(false).invalidate() and then I redirect to the main
page. As I understand the new request made by the redirect causes a
clean new session to be created. At least I can say it works fine for me.
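The filter approach described in the message above, as an added example that is not part of the original post or of Tomcat. It assumes the javax.servlet API of that era; the class name, the session keys and the onLogin() hook are hypothetical.

```java
import java.io.IOException;
import java.io.Serializable;
import javax.servlet.*;
import javax.servlet.http.*;

// Map to url-pattern "/*". Detects the guest -> authenticated transition.
public class LoginDetectionFilter implements Filter {

    static final String USER_KEY = "app.user";   // hypothetical session key

    /** Hypothetical marker object kept in the session; name is null for a guest. */
    public static final class User implements Serializable {
        private static final long serialVersionUID = 1L;
        final String name;
        User(String name) { this.name = name; }
        boolean is(String remoteUser) {
            return name == null ? remoteUser == null : name.equals(remoteUser);
        }
    }

    public void init(FilterConfig cfg) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // null until the container has authenticated this session's user
        String remoteUser = http.getRemoteUser();
        HttpSession session = http.getSession(true);
        User current = (User) session.getAttribute(USER_KEY);

        // New session, or the authenticated identity differs from the one we
        // recorded: replace the marker instead of trusting stale state.
        if (current == null || !current.is(remoteUser)) {
            session.setAttribute(USER_KEY, new User(remoteUser));
            if (remoteUser != null) {
                onLogin(session, remoteUser);
            }
        }
        chain.doFilter(req, res);
    }

    /** Hypothetical hook. Keep it idempotent: two parallel requests arriving
     *  right after login can both reach this point. */
    protected void onLogin(HttpSession session, String user) {
        session.setAttribute("app.loginTime", Long.valueOf(System.currentTimeMillis()));
    }
}
```

After request.getSession(false).invalidate() the next request gets a fresh session with no marker, so it is treated as a guest again.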
RE: Performing an action on form-based login
Posted by Steve Kirk <to...@web-startup.co.uk>.
Not maybe of direct help unless you get really stuck, but my approach was to
use TC's sessions, but not its authentication framework. My original
reasoning for this was that I wanted login details to be in a RDBMS table
along with other data. So I coded the login/logout process myself, which
was a little work to achieve, but gives me freedom to handle the sorts of
things you are talking about in a flexible way.
My way around the problem you describe is that when someone successfully
authenticates, I add their uid to the session object as a String in the
doGet() method:
    String uid = request.getParameter("form_uid_field");
    // store the uid under the fixed key "uid" so a listener can read it back
    request.getSession(true).setAttribute("uid", uid);
And because the uid is now accessible via the session object, when your
SessionListener catches the attributeAdded/Changed/Replaced events, they
pass an HttpSessionBindingEvent, from which you can call
.getSession().getAttribute("uid")
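The listener side of the approach in the message above, as an added example that is not part of the original post. It assumes the javax.servlet API, the attribute name "uid" used in the post, and registration through a <listener> element in web.xml; the class name and loadPreferences() are hypothetical.

```java
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;

public class UidAttributeListener implements HttpSessionAttributeListener {

    static final String UID_KEY = "uid";   // attribute name taken from the post

    public void attributeAdded(HttpSessionBindingEvent event) {
        handle(event);
    }

    public void attributeReplaced(HttpSessionBindingEvent event) {
        // On replace, event.getValue() is the OLD value. Reading the session
        // (as handle() does) returns the identity that is now in effect.
        handle(event);
    }

    public void attributeRemoved(HttpSessionBindingEvent event) {
        if (UID_KEY.equals(event.getName())) {
            // Drop per-user state together with the identity it belonged to.
            event.getSession().removeAttribute("prefs");
        }
    }

    private void handle(HttpSessionBindingEvent event) {
        if (!UID_KEY.equals(event.getName())) {
            return;   // fired for every session attribute; ignore the others
        }
        HttpSession session = event.getSession();
        Object uid = session.getAttribute(UID_KEY);
        if (uid instanceof String) {
            session.setAttribute("prefs", loadPreferences((String) uid));
        }
    }

    /** Hypothetical lookup; a real application would query its user store. */
    protected Object loadPreferences(String uid) {
        return "preferences-for-" + uid;   // constructed placeholder value
    }
}
```

The listener only sees what the login code put in the session, so the "uid" attribute must be set only after the credentials have been verified.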
Re: Performing an action on form-based login
Posted by Ross Nicoll <xu...@gmail.com>.
We're having more or less the same problem. Is there perhaps a chance
of a UserFormLoginListener in a future version of Tomcat? Anyone have
any advice on this?
Some reliable method for logging out a user would also be extremely useful.