RE: Performing an action on form-based login
Not maybe of direct help unless you get really stuck, but my approach was to use TCs sessions, but not its authentication framework. My original reasoning for this was that I wanted login details to be in a RDMS table along with other data. So I coded the login/logout process myself, which was a little work to achieve, but gives me freedom to handle the sorts of things you are talking about in a flexible way. My way around the problem you describe is that when someone successfully authenticates, I add their uid to the session object as a String in the doGet() method: String uid = request.getParameter(form_uid_field); request.getSession(true).setAttribute(uid, null); And because the uid is now accessible via the session object, when your SessionListener catches the attributeAdded/Changed/Replaced events, they pass a HttpSessionBindingEvent, from which you can call .getSession().getAttribute(uid) -Original Message- From: Ross Nicoll [mailto:[EMAIL PROTECTED] Sent: Tuesday 24 May 2005 15:17 To: Tomcat Users List Subject: Re: Performing an action on form-based login We're having more or less the same problem. Is there perhaps a chance of a UserFormLoginListener in a future version of Tomcat? Anyone have any advice on this? Some reliable method for logging out a user would also be extremely useful. On 5/22/05, Torsten Römer [EMAIL PROTECTED] wrote: This question has been asked (and answered to) earlier, but I am still unsure: I am using container managed security with form-based authentication. I am really happy with how it works. But now I would like to perform an action when a user has authenticated, such as loading user preferences and store them in the session. First I thought I could use a HttpSessionListener for that. Now I know when a new session has been created, but what I am missing is the username. The only way to get it seems to be from a request using getRemoteUser(). Or am I wrong? I really hope I am... I read about setting up a filter but then read somewhere else that this is not reliable. I also found this article Active Authentication http://java.sys-con.com/read/37660.htm which sounds interesting but the link to the source code is broken, so I don't get how to implement that. Can someone help me out? Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Performing an action on form-based login
We're having more or less the same problem. Is there perhaps a chance of a UserFormLoginListener in a future version of Tomcat? Anyone have any advice on this? Some reliable method for logging out a user would also be extremely useful. On 5/22/05, Torsten Römer [EMAIL PROTECTED] wrote: This question has been asked (and answered to) earlier, but I am still unsure: I am using container managed security with form-based authentication. I am really happy with how it works. But now I would like to perform an action when a user has authenticated, such as loading user preferences and store them in the session. First I thought I could use a HttpSessionListener for that. Now I know when a new session has been created, but what I am missing is the username. The only way to get it seems to be from a request using getRemoteUser(). Or am I wrong? I really hope I am... I read about setting up a filter but then read somewhere else that this is not reliable. I also found this article Active Authentication http://java.sys-con.com/read/37660.htm which sounds interesting but the link to the source code is broken, so I don't get how to implement that. Can someone help me out? Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Performing an action on form-based login
Hi Ross, Ross Nicoll schrieb: We're having more or less the same problem. Is there perhaps a chance of a UserFormLoginListener in a future version of Tomcat? Anyone have any advice on this? Such a listener would be nice... I now went for a filter (as seen in another post) and I am very satisfied with how it works. I mapped the filter to the URL-pattern /* so all requests go to it. In the doFilter() method I use request.getRemoteUser() to differentiate between an authenticated and a guest session. Then I store some User object in the session and use it to check if the session is new or if a user has just logged in. If you like I post some details. Some reliable method for logging out a user would also be extremely useful. This you probably know anyway, but I use request.getSession(false).invalidate() and then I redirect to the main page. As I understand the new request made by the redirect causes a clean new session to be created. At least I can say it works fine for me. On 5/22/05, Torsten Römer [EMAIL PROTECTED] wrote: This question has been asked (and answered to) earlier, but I am still unsure: I am using container managed security with form-based authentication. I am really happy with how it works. But now I would like to perform an action when a user has authenticated, such as loading user preferences and store them in the session. First I thought I could use a HttpSessionListener for that. Now I know when a new session has been created, but what I am missing is the username. The only way to get it seems to be from a request using getRemoteUser(). Or am I wrong? I really hope I am... I read about setting up a filter but then read somewhere else that this is not reliable. I also found this article Active Authentication http://java.sys-con.com/read/37660.htm which sounds interesting but the link to the source code is broken, so I don't get how to implement that. Can someone help me out? Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]