Securityfilter persistent login
Hi
Is securityfilter able to autologin users that have enabled their
persitent login via cookies?
In the moment these users have to push the login button again, although
they do not have to enter their username and password.
// process any persistent login information, if user is not
already logged in,
// persistent logins are enabled, and the persistent login info
is present in this request
if (
request.getRemoteUser() == null
persistentLoginManager != null
persistentLoginManager.rememberingLogin(request)
) {
String username =
persistentLoginManager.getRememberedUsername(request, response);
String password =
persistentLoginManager.getRememberedPassword(request, response);
Principal principal = realm.authenticate(username, password);
if (principal != null) {
request.setUserPrincipal(principal);
} else {
// failed authentication with remembered login, better
forget login now
persistentLoginManager.forgetLogin(request, response);
}
}
This piece of code seems to be responsible for the persistent login on
the form submission. But this is only called in processLogin
(FormAuthenticator) when the login Form is submitted. If this
persistent login failes the form-input is taken.
Thanks, Tobias
PS: Is it possible to make securityfilter work with tiles xml-file definitions?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Securityfilter persistent login
PPS: How can I access the servlets context in a securityfilter SecurityRealmInterface implementation? I use the struts HibernatePlugIn, and the hibernate session is stored in the servlets context. So I need to access hibernate this way in my Realm implementation for database verification. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Securityfilter persistent login
I'd consider changing to an implementation that is Filter based and opens/closes a session on every request... that way you could easily get the current session from the request scope. -David -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Tobias Neumann Sent: Monday, July 04, 2005 10:30 AM To: user@struts.apache.org Subject: Re: Securityfilter persistent login PPS: How can I access the servlets context in a securityfilter SecurityRealmInterface implementation? I use the struts HibernatePlugIn, and the hibernate session is stored in the servlets context. So I need to access hibernate this way in my Realm implementation for database verification. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
