I still don't see how one gets a session from HttpSession or user credentials? I see how to get a UserPrincipal, but without the password, I still can't authenticate the user :-/ Am I missing something?
Justin -----Original Message----- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 3:18 PM To: Tomcat Users List Subject: RE: SessionListener Howdy, >Ok, still, I haven't found any documentation on how to add a >SessionListener in the server.xml file, and adding one using the listener >tags defined for web.xml files doesn't seem to work. The XML is the similar but not quite the same to the portable one: <listener className="mypackage.myclass" ... /> There is a generic example in the Engine configuration reference, and another more specific example in the Host configuration reference. Neither, however, is a SessionListener example. There IS one specific, full-features SessionListener example: the SingleSignOn valve. It's present (but commented out) in server.xml by default, and you can take a look at the source code. It's a more complicated and confusing example because it's also a Valve ;( But then again, I wouldn't even bother with this whole approach when you have the HttpSessionListener as part of the servlet specification. where ... are attributes specific to your listener. (The astute reader would recognize the above as a commons Digester bean-based initialization pattern). >I also haven't seen how to get a user's credentials from a HttpSession, or >how to get a Session from an HttpSessionListener. Could you throw me a >bone? If the user is authenticated by the server, typically the information is not in the session, it's in the request: HttpServletRequest#getUserPrincipal. A common use-case is to stuff this in the session via a filter. If you had an attribute called username that something was stuffing into the session, i.e. something like a filter calling session.setAttribute("username", "something"), then an HttpSessionAttributeListener's attributeAdded would be called with the attribute name and latest value. Yoav This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
