RE: How can I perform an action when web user is first logged on?

[peter_saurugger]

If you want to use form-based authentication, the only 'legal' way that I
can think of is to  write a sessionfilter that checks when a principal
exists for the first time during a session.

Otherwise you'd have to do your own authentication, calling
RoleManager.login() and if it succeeds write a record to the database with
the current date. (Of course this could be within a filter, too)

This would be much easier if either login() or authenticate() would be
handled by the UserManager (which is user configurable), but alas that is
not so ...

A real hack would be to have two forms on the login page, the first one
being submitted on buttonpress to itself, where it handles the creation of
the login record, and then when resent automatically submitting the
loginform (which must have been filled out previously) to j_security_check
by script ... drawbacks: the user may notice the screen reloading, and I
noticed most people here try to avoid html client side programming like the
pestilence:)

cheers

--peter

-Original Message-
From: Alex Paransky [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 03, 2002 9:30 AM
To: Orion-Interest
Subject: How can I perform an action when web user is first logged on?


I would like to keep lastLogonDate for my users.  However, with the J2EE
security model it does not appear that I can inject any processing between
the time when user is authenticated and a forward to the target url occurs.

Did anyone solve this problem.  If so, could you share your solution?

-AP_
http://www.alexparansky.com
Java/J2EE Architect/Consultant

Re: How can I perform an action when web user is first logged on?

[Mike Cannon-Brookes]

This would work great except that you cannot 'force' a container to bring up
the login page (portably).

UserManager doesn't help you because it too is an Orion specific API (just
like RoleManager)

About the only way to do portable user
management/authentication/authorisation is with an open source project
called OSUser (part of OpenSymphony which I participate in). See
http://www.opensymphony.com/osuser for details. I currently have an
application porting well (single EAR) between JBoss and Orion, and
Weblogic/Pramati/JRun support are almost done. It also supports Resin (if
you just want WARs).

Check it out anyway,

Cheers,
Mike

On 5/3/02 1:49 PM, [EMAIL PROTECTED]
([EMAIL PROTECTED]) penned the words:

 If you want to use form-based authentication, the only 'legal' way that I
 can think of is to  write a sessionfilter that checks when a principal
 exists for the first time during a session.
 
 Otherwise you'd have to do your own authentication, calling
 RoleManager.login() and if it succeeds write a record to the database with
 the current date. (Of course this could be within a filter, too)
 
 This would be much easier if either login() or authenticate() would be
 handled by the UserManager (which is user configurable), but alas that is
 not so ...
 
 A real hack would be to have two forms on the login page, the first one
 being submitted on buttonpress to itself, where it handles the creation of
 the login record, and then when resent automatically submitting the
 loginform (which must have been filled out previously) to j_security_check
 by script ... drawbacks: the user may notice the screen reloading, and I
 noticed most people here try to avoid html client side programming like the
 pestilence:)
 
 cheers
 
 --peter
 
 -Original Message-
 From: Alex Paransky [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, March 03, 2002 9:30 AM
 To: Orion-Interest
 Subject: How can I perform an action when web user is first logged on?
 
 
 I would like to keep lastLogonDate for my users.  However, with the J2EE
 security model it does not appear that I can inject any processing between
 the time when user is authenticated and a forward to the target url occurs.
 
 Did anyone solve this problem.  If so, could you share your solution?
 
 -AP_
 http://www.alexparansky.com
 Java/J2EE Architect/Consultant
 
 

How can I perform an action when web user is first logged on?

[Alex Paransky]

I would like to keep lastLogonDate for my users.  However, with the J2EE
security model it does not appear that I can inject any processing between
the time when user is authenticated and a forward to the target url occurs.

Did anyone solve this problem.  If so, could you share your solution?

-AP_
http://www.alexparansky.com
Java/J2EE Architect/Consultant