You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2007/08/14 18:05:55 UTC

Re: [OT] tomcat 5.5 authentication question

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eugen,

Eugen Stoianovici wrote:
> Since I can't intercept the login form (which goes to j_security_check)
> where should i put the code for setting those session values?

Ah, but you can intercept it!

You just need to think outside the container. Or, inside, rather. Use a
filter with logic like this:

public void doFilter(...)
{
    Principal p = request.getPrincipal();
    HttpSession session = request.getSession();
    Object mySessionObj = session.getAttribute("my_session_key");

    if(null != p && null == mySessionObj)
    {
        // There is a Principal (valid login) who has not been set up.

        // TODO: retrieve whatever objects you need to stick in
        // the session.
        mySessionObj = ...;

        session.setAttribute("my_session_key", mySessionObj);
    }
}

I myself use a filter like this, and it works just fine.

I hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGwdLj9CaO5/Lv0PARAtUKAJ49aG9OFCmlLfiwElOIqilRWgxLWACgmAph
QrsIbkd6e1CykySOfx+sfPQ=
=WzPF
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org