You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2007/08/14 18:05:55 UTC
Re: [OT] tomcat 5.5 authentication question
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Eugen,
Eugen Stoianovici wrote:
> Since I can't intercept the login form (which goes to j_security_check)
> where should i put the code for setting those session values?
Ah, but you can intercept it!
You just need to think outside the container. Or, inside, rather. Use a
filter with logic like this:
public void doFilter(...)
{
Principal p = request.getPrincipal();
HttpSession session = request.getSession();
Object mySessionObj = session.getAttribute("my_session_key");
if(null != p && null == mySessionObj)
{
// There is a Principal (valid login) who has not been set up.
// TODO: retrieve whatever objects you need to stick in
// the session.
mySessionObj = ...;
session.setAttribute("my_session_key", mySessionObj);
}
}
I myself use a filter like this, and it works just fine.
I hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGwdLj9CaO5/Lv0PARAtUKAJ49aG9OFCmlLfiwElOIqilRWgxLWACgmAph
QrsIbkd6e1CykySOfx+sfPQ=
=WzPF
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org