Hi,
 
Please pardon my questions if they've already been asked and answered,
but I've spent the better part of the past two days looking for answers
in Google (including the Usenet archives) and the archives of this list.
 
I'm using Tomcat 5.0 with form-based authentication and there are two
features I'd like to implement: first, I'd like to be able to store some
user preference information (retrieved from a database) into the
HttpSession after a successful logon. Second, I'd like to be able to
include a "remember my logon information" option (checkbox) on the logon
form and keep the session from expiring if it's checked. Both of these
would seem to require some sort of interaction with the form-based
authentication process, but I don't know how to make that happen. During
the time I've spent researching how to accomplish these two things, I
saw suggestions or proposed solutions, but I have questions about what I
saw.
 
For storing user preference information in the session, someone
suggested using a session listener. I understand how to do that, but how
will I know which user has logged on when the session is created? I'm
accustomed to finding out the user name from getRemoteUser() in the
HttpServletRequest, but there is no such request (that I'm aware of, at
least) associated with the event message that's generated by session
creation. Is this the right solution to my problem and if so, what am I
missing? Another suggestion I saw is to create a filter, which I'm
pretty sure would work, but it seems like a lot of overhead to add to my
application (to filter each request) for something that only needs to be
done once at the initial logon.
 
The "remember me" problem seems to be one that others have struggled
with and I did see where someone had developed a solution, but I also
saw comments on that solution that led me to believe that the person was
essentially exploiting a bug in Tomcat. Is there a "correct" way to
intercept the post to j_security_check and modify the session so that it
won't expire if the user has checked a box?
 
Both of these things seem pretty basic and are things I've seen done on
many web sites, so I'm surprised that I haven't found a straightforward
way to do either one with Tomcat. Again, I apologize if these are
questions that have been answered many times before, but I would
appreciate any feedback on how to accomplish them.
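
The filter approach mentioned in the post, sketched as an added example (not part of the original message and not Tomcat's own code): the per-request cost is one session attribute lookup, and the database is only hit the first time an authenticated user is seen on a session. The class name, attribute name, and `loadPreferences` helper are hypothetical.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Added example: loads user preferences once per authenticated session. */
public class PreferencesFilter implements Filter {
    // Hypothetical attribute name; its presence marks the session as populated.
    static final String PREFS_ATTR = "example.userPrefs";

    public void init(FilterConfig config) {}
    public void destroy() {}

    @SuppressWarnings("unchecked")
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            String user = http.getRemoteUser();           // null until the container has authenticated
            HttpSession session = http.getSession(false); // never create a session from the filter
            if (user != null && session != null) {
                Map<String, String> prefs = (Map<String, String>) session.getAttribute(PREFS_ATTR);
                // Load when missing, or when the cached entry belongs to a different user.
                if (prefs == null || !user.equals(prefs.get("owner"))) {
                    prefs = loadPreferences(user);
                    prefs.put("owner", user);
                    session.setAttribute(PREFS_ATTR, prefs);
                }
            }
        }
        chain.doFilter(req, res);
    }

    /** Hypothetical stand-in for the database lookup described in the post. */
    Map<String, String> loadPreferences(String user) {
        Map<String, String> prefs = new HashMap<String, String>();
        prefs.put("theme", "default"); // constructed sample value
        return prefs;
    }
}
```

The filter would be declared in `web.xml` with a `<filter-mapping>` covering the same URL patterns as the security constraint, so it only runs on protected requests.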
