Hi Srini, It is not possible to read username/password form data in a valve because the login form submission is handled by a dedicated JAAS form login servlet (/login/login) configured in /jetspeed/WEB-INF/web.xml. The j2-admin login portlet submits the login form to /login/proxy servlet, which redirects to /login/redirector servlet to trigger security check of the servlet container as configured for JAAS Form-based authentication in web.xml. These login related servlets are independent from Jetspeed pipelines/valves. The login related servlets (o.a.j.login.LoginServlet, LoginRedirectorServlet, ...) communicates with the browser multiple times and so those store the login form data in session temporarily. Of course, after login process, the temporary data is removed. So, one simple solution could be override the default Jetspeed login servlet(s) to catch the form data for other uses. However, it could be dangerous, it's up to you to do that with careful security consideration. For example, if you store the data in http session, then you could read the data in your custom valve later and remove those after doing something necessary.
HTH, Woonsan --- On Mon, 11/22/10, SriniPitta <[email protected]> wrote: > From: SriniPitta <[email protected]> > Subject: Re: session listener not working > To: [email protected] > Date: Monday, November 22, 2010, 8:41 PM > > Thanks for your reply Ron. With reference to my previous > post > dated(18/11/2010 11:23 AM), my requirement is used to store > the logged-in > user details in a common shared database such that other > php+perl based > application running in different server can use loggedin > user credentials > from shared database. > > As you referred, i can get the username after the login. > But as per my > requirement not all users logging into jetspeed portal are > registered inside > portal. This is reason, when user logins using jetspeed > default login > portlet (j2admin::LoginPortlet) i want to use valve which > can identify if > the user is registered in portal or not and if NOT, i > wanted to create the > user inside my valve and when jetspeed login valve > validates it will find > the user i created. This is one of the reason i > wanted to have my valve > called first before the jetspeed-login valve is called. > > The issue i have now is, i could not get the username from > Requextcontext > inside my valve that user enters on j2admin::loginportlet. > Please be > informed that its not my login portlet. I am using > j2admin::loginportlet. I > would like to get username and password that user enters > while login such > that i can check in my valve before the jetspeed login > valve is called. > > Please do let me know if i am not clear. > > Thanks, > Srini. > > > ronatartifact wrote: > > > > Why do you need the password? > > If you do really need the password, can you not get > that when you set up > > the account and store it in a safe place and get it > later. > > > > You have the username after the login. > > > > Ron > > > > > > On 22/11/2010 11:21 AM, SriniPitta wrote: > >> Sure, even if i allow the jetspeed's login to go > first, my valve does not > >> read the username and password from request > context. How can i read the > >> username and password values from request context > in my valve? > >> > >> Thanks. > >> Srini. > >> > >> ronatartifact wrote: > >>> Why not let Jetspeed's login go first and then > decide what to do if they > >>> get pass or do not pass. > >>> > >>> Ron > >>> > >>> On 22/11/2010 10:18 AM, SriniPitta wrote: > >>>> Ron, > >>>> > >>>> I have added my own valve to the > jetspeed-pipeline inside the file > >>>> 'jetspeed/WEB-INF/assembly/pipelines.xml'. > My valve is being invoked > >>>> however, i am unable to read the username > and password using the > >>>> RequestContext. Secondly, how can i > configure so that my valve is > >>>> invoked > >>>> first before any other valves in > jetspeed-pipeline. My valve is being > >>>> invoked after login. > >>>> > >>>> MyValve code snippet: > >>>> ======================== > >>>> public class MyLoginValidationValveImpl > extends AbstractValve > >>>> implements > >>>> Valve{ > >>>> > >>>> ..... > >>>> public void invoke(RequestContext request, > ValveContext context) > >>>> > throws PipelineException { > >>>> > >>>> String un = > >>>> > request.getRequest().getParameter(LoginConstants.USERNAME)); > >>>> // > >>>> does not get username > >>>> > request.getRequestParameter(LoginConstants.USERNAME)); // > does not get > >>>> username > >>>> } > >>>> =============================== > >>>> > >>>> Existing entries in pipelines.xml: > >>>> ==================== > >>>> <bean id='pipeline-map' > class='java.util.HashMap'> > >>>> <meta > key="j2:cat" value="default" /> > >>>> > <constructor-arg> > >>>> > <map> > >>>> > <entry key='/portlet'> > >>>> > <value>portlet-pipeline</value> > >>>> > </entry> > >>>> > <entry key='/portal'> > >>>> > <value>jetspeed-pipeline</value> > >>>> > </entry> > >>>> > <entry key='/ajaxapi'> > >>>> > <value>ajax-pipeline</value> > >>>> > </entry> > >>>> > <entry key='/login'> > >>>> > <value>jetspeed-pipeline</value> > >>>> > </entry> .............. > >>>> ============================= > >>>> > >>>> I added my valve 'MyLoginValidationValve' > to jetspeed-pipeline in below > >>>> : > >>>> > >>>> ============================== > >>>> <bean id="jetspeed-pipeline" > >>>> > class="org.apache.jetspeed.pipeline.JetspeedPipeline" > >>>> init-method="initialize"> > >>>> <meta > key="j2:cat" value="default" /> > >>>> > <constructor-arg> > >>>> > <value>JetspeedPipeline</value> > >>>> > </constructor-arg> > >>>> > <constructor-arg> > >>>> > <list> > >>>> > <ref bean="MyLoginValidationValve" > /> > >>>> > <ref bean="capabilityValve" /> > >>>> > <ref bean="portalURLValve" /> > >>>> > <ref bean="securityValve" /> > >>>> > <ref bean="localizationValve" /> > >>>> > <ref bean="passwordCredentialValve" > /> > >>>> > <ref bean="loginValidationValve" /> > >>>> > <ref bean="profilerValve" /> > >>>> > <ref bean="refreshUserHomepageValve" > /> ........... > >>>> ======================================== > >>>> > >>>> Thanks for your time. > >>>> > >>>> Srini. > >>>> > >>>> > >>>> ronatartifact wrote: > >>>>> I little more of the puzzle is > revealed. > >>>>> > >>>>> Have you looked at the description of > the valve in the processing > >>>>> pipeline. > >>>>> You can probably add your own valve to > the login pipeline to capture > >>>>> login. > >>>>> > >>>>> You are probably going to have to > implement a timout or watchdog > >>>>> process > >>>>> that cleans up your database after > users just leave without logging > >>>>> out. > >>>>> > >>>>> Ron > >>>>> > >>>>> > >>>>> On 18/11/2010 11:23 AM, SriniPitta > wrote: > >>>>>> I agree but I cannot put the > user's information in HTTP session as my > >>>>>> requirement is to store the > jetspeed user logged in information in a > >>>>>> common > >>>>>> shared database such that another > php+perl based application running > >>>>>> in > >>>>>> a > >>>>>> different apache server can know > about the user login by seeing the > >>>>>> new > >>>>>> entry in the database and will use > this information for rendering a > >>>>>> page > >>>>>> in > >>>>>> php based application. > >>>>>> > >>>>>> Thanks, > >>>>>> Srini. > >>>>>> > >>>>>> > >>>>>> > >>>>>> ronatartifact wrote: > >>>>>>> Have you considered putting > the data in the HTTP Session data > >>>>>>> structure > >>>>>>> that is held while the user is > logged in. > >>>>>>> > >>>>>>> This data is only available to > portlets serving that user but you > >>>>>>> can > >>>>>>> store whatever you want there > for the duration of the session. > >>>>>>> > >>>>>>> It is faster and easier to > access since it does not require database > >>>>>>> access. > >>>>>>> > >>>>>>> You might get better advice if > you described a bit more about why > >>>>>>> you > >>>>>>> want to store transitory > info. > >>>>>>> > >>>>>>> > >>>>>>> Ron > >>>>>>> > >>>>>>> > >>>>>>> On 18/11/2010 10:54 AM, > SriniPitta wrote: > >>>>>>>> ====================== > >>>>>>>> Can you not use the > logging done by Jetspeed already? > >>>>>>>> ======================== > >>>>>>>> Thanks for your reply. I > see that "USER_ACTIVITY" table has the > >>>>>>>> entry > >>>>>>>> for > >>>>>>>> each login-success and > login-failure. However, I would like to > >>>>>>>> delete > >>>>>>>> the > >>>>>>>> user logged in information > from the table upon user logging out. I > >>>>>>>> do > >>>>>>>> not > >>>>>>>> want to mess up or delete > the entries from Jetspeed's database as > >>>>>>>> iam > >>>>>>>> pretty > >>>>>>>> sure that my requirement > will be extended. Thanks for your time. > >>>>>>>> > >>>>>>>> Regards, > >>>>>>>> Srini. > >>>>>>>> > >>>>>>>> > >>>>>>>> ronatartifact wrote: > >>>>>>>>> On 17/11/2010 6:06 PM, > SriniPitta wrote: > >>>>>>>>>> Hi, > >>>>>>>>>> > >>>>>>>>>> I would like to > insert a new entry in database capturing the > >>>>>>>>>> session > >>>>>>>>>> and > >>>>>>>>>> user details upon > each time the user login into portal and logout > >>>>>>>>>> the > >>>>>>>>>> portal. > >>>>>>>>>> > >>>>>>>>>> I have written a > listener class and extended HttpSessionListener > >>>>>>>>>> and > >>>>>>>>>> overrided > sessionCreated() and sessionDestroyed() methods and > >>>>>>>>>> added > >>>>>>>>>> below > >>>>>>>>>> entry in my > web.xml. But it does not invoke my listener during > >>>>>>>>>> user > >>>>>>>>>> login > >>>>>>>>>> or > >>>>>>>>>> logout. Can you > please let me know the correct way of > >>>>>>>>>> implementing. > >>>>>>>>>> > >>>>>>>>>> > <listener> > >>>>>>>>>> > <listener-class>com.mycompany.MyHttpSessionListener</listener-class> > >>>>>>>>>> </listener> > >>>>>>>>>> > >>>>>>>>>> Thanks for your > time. > >>>>>>>>>> > >>>>>>>>>> Regards, > >>>>>>>>>> Srini. > >>>>>>>>> Can you not use the > logging done by Jetspeed already? > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > --------------------------------------------------------------------- > >>>>>>>>> To unsubscribe, > e-mail: > >>>>>>>>> [email protected] > >>>>>>>>> For additional > commands, e-mail: > >>>>>>>>> [email protected] > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>> > --------------------------------------------------------------------- > >>>>>>> To unsubscribe, e-mail: [email protected] > >>>>>>> For additional commands, > e-mail: > >>>>>>> [email protected] > >>>>>>> > >>>>>>> > >>>>>>> > >>>>> > --------------------------------------------------------------------- > >>>>> To unsubscribe, e-mail: [email protected] > >>>>> For additional commands, e-mail: [email protected] > >>>>> > >>>>> > >>>>> > >>> > >>> > --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: [email protected] > >>> For additional commands, e-mail: [email protected] > >>> > >>> > >>> > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > > > -- > View this message in context: > http://old.nabble.com/session-listener-not-working-tp30239157p30281899.html > Sent from the Jetspeed - User mailing list archive at > Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
