Posted to users@tomcat.apache.org by lmk <lo...@yahoo.fr> on 2008/09/01 15:51:26 UTC

j_security_check get password on the request

Hi all,

I'm using form-based JAAS authentication, and I have to call a stored procedure
with the user name and password to initialize some business objects!

How can I get the password on the j_security_check request?

Can we use a servlet filter to do this?

Thanks!



-- 
View this message in context: http://www.nabble.com/j_security_check-get-password-on-the-request-tp19255065p19255065.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: j_security_check get password on the request

Posted by lmk <lo...@yahoo.fr>.
Thanks Christopher,

I found another solution: I use a custom class UserPrincipal with userName
and userId parameters. When the user is authenticated, I populate userId. In
the servlet, I get the UserPrincipal object from the request.

Best regards!



Christopher Schultz-2 wrote:
> 
> lmk,
> 
> lmk wrote:
>> I'm using form-based JAAS authentication, and I have to call a stored
>> procedure with the user name and password to initialize some business
>> objects!
>>
>> How can I get the password on the j_security_check request?
>>
>> Can we use a servlet filter to do this?
> 
> Unfortunately, Tomcat does not give your application code any
> opportunity to fetch the credentials or anything else from the request
> when using container-managed authentication.
> 
> We had a similar problem in that we wanted to update the "last login
> time" of the user, and also lost user prefs from our database. We
> decided to write a filter that basically did this:
> 
> Check session for a marker object with session key "USER"
>  a. If marker exists, do nothing and chain to the next filter
>  b. If marker does not exist, perform database UPDATE and SELECT,
>     then insert USER marker into the session
> 
> This has worked very well for us for quite a while. It also has the
> added benefit of separating the concerns of authentication and
> authorization with login logic.
> 
> -chris

-- 
View this message in context: http://www.nabble.com/j_security_check-get-password-on-the-request-tp19255065p19306306.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


Re: j_security_check get password on the request

Posted by Christopher Schultz <ch...@christopherschultz.net>.

lmk,

lmk wrote:
> I'm using form-based JAAS authentication, and I have to call a stored procedure
> with the user name and password to initialize some business objects!
>
> How can I get the password on the j_security_check request?
>
> Can we use a servlet filter to do this?

Unfortunately, Tomcat does not give your application code any
opportunity to fetch the credentials or anything else from the request
when using container-managed authentication.

We had a similar problem in that we wanted to update the "last login
time" of the user, and also lost user prefs from our database. We
decided to write a filter that basically did this:

Check session for a marker object with session key "USER"
 a. If marker exists, do nothing and chain to the next filter
 b. If marker does not exist, perform database UPDATE and SELECT,
    then insert USER marker into the session

This has worked very well for us for quite a while. It also has the
added benefit of separating the concerns of authentication and
authorization with login logic.

-chris
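
The session-marker filter outlined in the reply above, sketched as an added example; it is not code from the thread or from Tomcat. The class name `PostLoginFilter`, the `UserStore` interface and the `userStore` context attribute are assumptions made for illustration. It uses only the identity the container has already authenticated, so the password is never needed.

```java
import java.io.IOException;
import java.io.Serializable;
import java.sql.SQLException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class PostLoginFilter implements Filter {

    /** Hypothetical DAO wrapping the UPDATE and SELECT mentioned in the reply. */
    public interface UserStore {
        void updateLastLogin(String username) throws SQLException;
        /** Must return a non-null value: it doubles as the session marker. */
        Serializable loadPreferences(String username) throws SQLException;
    }

    private static final String MARKER_KEY = "USER";
    private UserStore store;

    public void init(FilterConfig config) throws ServletException {
        // Assumption: a context listener stored the DAO under this attribute name.
        store = (UserStore) config.getServletContext().getAttribute("userStore");
        if (store == null) throw new ServletException("userStore not configured");
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Identity comes from the container; the password never reaches this code.
        String username = request.getRemoteUser();
        if (username != null) {
            HttpSession session = request.getSession();
            if (session.getAttribute(MARKER_KEY) == null) {   // b. no marker yet
                try {
                    store.updateLastLogin(username);
                    session.setAttribute(MARKER_KEY, store.loadPreferences(username));
                } catch (SQLException e) {
                    throw new ServletException("post-login initialization failed", e);
                }
            }                                                 // a. marker exists: do nothing
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

Map the filter to the same URL patterns as the security constraint. Two concurrent first requests in one session can both reach the initialization branch, so the UPDATE should be safe to run twice.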