You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Ben Bookey <be...@gistec-online.de> on 2005/02/03 11:45:29 UTC
Login filter
Dear List,
I would like to perform an action after the user logs in to our app.
We are using the tomcat Realm security model, with an Oracle database.
So therefoer I am trying to implement a filter in Tomcat 4.1.27, which
checks for all requests on the url /j_security_check
I know my filter is initialised because I do a out.println
to a logfile. But for some reason when I do a successful login
it doesnt perform the doFilter() method, so I suspect its something
to with the mapping below.
Any hints?
regards
'===========================================================================
================
Here is the entry to the web.xml
<filter>
<filter-name>LoginFilter</filter-name>
<description>Performs pre-login and post-login operation</description>
<filter-class>com.myorg.myapp.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/j_security_check</url-pattern>
</filter-mapping>
'===========================================================================
==================
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: AW: Login filter
Posted by Mario Winterer <ma...@eduhi.at>.
Hi Ben!
You cannot hook in the login validation process without touching tomcat
code.
But usually, this is not necessary. Just write a filter and map it to
"/" - every request will be directed to your filter - except requests to
"j_security_check". But this should not bother you, because your filter
will be invoked right after a successful login process.
Inside your filter code, check if a certain session-attribute is set. If
not, it is the first time after session creation that your filter is
called. If this is the case, do whatever you intend to do and set the
session-attribute to ensure that your code is only run once.
In pseudo-code (inside your filter's doFilter()-method):
if (request.getRemoteUser() == null) {
// user is not logged in: clear session attribute if set
session.removeAttribute("login");
} else if (session.getAttribute("login") == null) {
// user is logged in but this filter has not been called since
<put your special code here>
// set the session attribute to avoid that the "special code" above
is called twice:
session.setAttribute("login", "true");
}
Best regards,
Tex
>Hi Tim,
>
>Apologies for hassling you again with this.
>
>Any idea without getting inside of the TC source, how I can
>write some code just b4 and after the user login validation into the webapp
>with using the TC Realm
>and j_security_check ?? or must I go inside of the source :-(
>
>regards
>Ben
>p.s. I got this idea from a ibm websphere help doc, where it is possible !
>
>
>-----Ursprungliche Nachricht-----
>Von: Tim Funk [mailto:funkman@joedog.org]
>Gesendet: Donnerstag, 3. Februar 2005 12:41
>An: Tomcat Users List
>Betreff: Re: Login filter
>
>
>Filters cannot be run on j_security_check.
>
>-Tim
>
>Ben Bookey wrote:
>
>
>
>>Dear List,
>>
>>I would like to perform an action after the user logs in to our app.
>>We are using the tomcat Realm security model, with an Oracle database.
>>So therefoer I am trying to implement a filter in Tomcat 4.1.27, which
>>checks for all requests on the url /j_security_check
>>
>>I know my filter is initialised because I do a out.println
>>to a logfile. But for some reason when I do a successful login
>>it doesnt perform the doFilter() method, so I suspect its something
>>to with the mapping below.
>>
>>Any hints?
>>
>>regards
>>
>>
>>
>>
>'===========================================================================
>
>
>>================
>>Here is the entry to the web.xml
>> <filter>
>> <filter-name>LoginFilter</filter-name>
>> <description>Performs pre-login and post-login operation</description>
>> <filter-class>com.myorg.myapp.filter.LoginFilter</filter-class>
>> </filter>
>> <filter-mapping>
>> <filter-name>LoginFilter</filter-name>
>> <url-pattern>/j_security_check</url-pattern>
>> </filter-mapping>
>>
>>
>>
>'===========================================================================
>
>
>>==================
>>
>>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: AW: Login filter
Posted by Tim Funk <fu...@joedog.org>.
Your only recourse is to sse a Valve. (Which is just like a filter but tomcat
specific)
-Tim
Ben Bookey wrote:
> Hi Tim,
>
> Apologies for hassling you again with this.
>
> Any idea without getting inside of the TC source, how I can
> write some code just b4 and after the user login validation into the webapp
> with using the TC Realm
> and j_security_check ?? or must I go inside of the source :-(
>
> regards
> Ben
> p.s. I got this idea from a ibm websphere help doc, where it is possible !
>
>
> -----Ursprungliche Nachricht-----
> Von: Tim Funk [mailto:funkman@joedog.org]
> Gesendet: Donnerstag, 3. Februar 2005 12:41
> An: Tomcat Users List
> Betreff: Re: Login filter
>
>
> Filters cannot be run on j_security_check.
>
> -Tim
>
> Ben Bookey wrote:
>
>
>>Dear List,
>>
>>I would like to perform an action after the user logs in to our app.
>>We are using the tomcat Realm security model, with an Oracle database.
>>So therefoer I am trying to implement a filter in Tomcat 4.1.27, which
>>checks for all requests on the url /j_security_check
>>
>>I know my filter is initialised because I do a out.println
>>to a logfile. But for some reason when I do a successful login
>>it doesnt perform the doFilter() method, so I suspect its something
>>to with the mapping below.
>>
>>Any hints?
>>
>>regards
>>
>>
>
> '===========================================================================
>
>>================
>>Here is the entry to the web.xml
>> <filter>
>> <filter-name>LoginFilter</filter-name>
>> <description>Performs pre-login and post-login operation</description>
>> <filter-class>com.myorg.myapp.filter.LoginFilter</filter-class>
>> </filter>
>> <filter-mapping>
>> <filter-name>LoginFilter</filter-name>
>> <url-pattern>/j_security_check</url-pattern>
>> </filter-mapping>
>>
> '===========================================================================
>
>>==================
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
AW: Login filter
Posted by Ben Bookey <be...@gistec-online.de>.
Hi Tim,
Apologies for hassling you again with this.
Any idea without getting inside of the TC source, how I can
write some code just b4 and after the user login validation into the webapp
with using the TC Realm
and j_security_check ?? or must I go inside of the source :-(
regards
Ben
p.s. I got this idea from a ibm websphere help doc, where it is possible !
-----Ursprungliche Nachricht-----
Von: Tim Funk [mailto:funkman@joedog.org]
Gesendet: Donnerstag, 3. Februar 2005 12:41
An: Tomcat Users List
Betreff: Re: Login filter
Filters cannot be run on j_security_check.
-Tim
Ben Bookey wrote:
> Dear List,
>
> I would like to perform an action after the user logs in to our app.
> We are using the tomcat Realm security model, with an Oracle database.
> So therefoer I am trying to implement a filter in Tomcat 4.1.27, which
> checks for all requests on the url /j_security_check
>
> I know my filter is initialised because I do a out.println
> to a logfile. But for some reason when I do a successful login
> it doesnt perform the doFilter() method, so I suspect its something
> to with the mapping below.
>
> Any hints?
>
> regards
>
>
'===========================================================================
> ================
> Here is the entry to the web.xml
> <filter>
> <filter-name>LoginFilter</filter-name>
> <description>Performs pre-login and post-login operation</description>
> <filter-class>com.myorg.myapp.filter.LoginFilter</filter-class>
> </filter>
> <filter-mapping>
> <filter-name>LoginFilter</filter-name>
> <url-pattern>/j_security_check</url-pattern>
> </filter-mapping>
>
'===========================================================================
> ==================
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Login filter
Posted by Tim Funk <fu...@joedog.org>.
Filters cannot be run on j_security_check.
-Tim
Ben Bookey wrote:
> Dear List,
>
> I would like to perform an action after the user logs in to our app.
> We are using the tomcat Realm security model, with an Oracle database.
> So therefoer I am trying to implement a filter in Tomcat 4.1.27, which
> checks for all requests on the url /j_security_check
>
> I know my filter is initialised because I do a out.println
> to a logfile. But for some reason when I do a successful login
> it doesnt perform the doFilter() method, so I suspect its something
> to with the mapping below.
>
> Any hints?
>
> regards
>
> '===========================================================================
> ================
> Here is the entry to the web.xml
> <filter>
> <filter-name>LoginFilter</filter-name>
> <description>Performs pre-login and post-login operation</description>
> <filter-class>com.myorg.myapp.filter.LoginFilter</filter-class>
> </filter>
> <filter-mapping>
> <filter-name>LoginFilter</filter-name>
> <url-pattern>/j_security_check</url-pattern>
> </filter-mapping>
> '===========================================================================
> ==================
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org