Basic authentication.  I figured it wouldn't be hard with Form authentication, but I'm 
using basic in order to match the look and feel of the rest of the site.

Yeah, saw the same problem with Basu's implementation, though I did like the idea.

Justin

-----Original Message-----
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 9:00 AM
To: Tomcat Users List
Subject: RE: SessionListener



Howdy,
Senor Basu, your solution is seriously not thread-safe.  But that's for
you to worry about; maybe it's good enough for your needs ;)

As for Senor Hart's questions:
- HttpSessionListener goes in web.xml, as do all other Servlet
Specification listeners.
- SessionListener goes in server.xml, as do all other Tomcat-specific
listeners.

SessionListener is not tied to HttpSessionListener or HttpSession
directly.  You have to do a series of casts.  The event object in the
SessionListener's SessionEvent is a catalina-specific Session
implementation.  It will also implement the HttpSession interface.  So
you can get from one to another by casting, but it's ugly (as is the
whole SessionListener solution).

Let's step back a minute: you have this whole hassle because you want
the user's password.  You want the user's password in order to
authenticate the user.  But with the getUserPrincipal approach, the user
is already authenticated if the Principal is not null.  Alternatively,
if you have some input screen where the user enters the username and
password, grab them there instead of from the session.  I think what's
missing here is the big picture: tell us what you're trying to do, what
authentication mechanism you're using, and let's forget about the
tomcat-specific hacks for a minute ;)

Yoav Shapira
Millennium ChemInformatics


>-----Original Message-----
>From: Atreya Basu [mailto:[EMAIL PROTECTED]
>Sent: Monday, December 01, 2003 4:37 PM
>To: Tomcat Users List
>Subject: Re: SessionListener
>
>Hi,
>
>Here is how I use the HttpSessionListener.
>
>First I create a Class that implements HttpSessionListener:
>package com.gri.web;
>import javax.servlet.http.*;
>public class MySessionListener implements HttpSessionListener
>{
>   // Shared by every request thread and updated without synchronization.
>   private static int num_sessions = 0;
>   // Static so the static getter below compiles; holds the most recently
>   // created session.
>   private static HttpSession session = null;
>
>   public void sessionCreated(HttpSessionEvent se)
>    {
>        num_sessions++;
>        session = se.getSession();
>    }
>    public void sessionDestroyed(HttpSessionEvent se)
>    { num_sessions--;}
>    public static int getNumSessions() {return num_sessions; }
>    public static HttpSession getLastSession() { return session;}
>}
>
>Now include this in the web.xml for your context (directly after
>filter&filter-mapping but before Servlet element):
>
><listener>
>  <listener-class>com.gri.web.MySessionListener</listener-class>
></listener>
>
>now all you have to do is create a JSP:
><jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="1.2">
><jsp:directive.page import="com.gri.web.*" />
><html>
><body>
><jsp:text>Last user in session: </jsp:text>
><jsp:expression>
>MySessionListener.getLastSession().getAttribute("j_username")
></jsp:expression>
><jsp:text>Username of current person: </jsp:text>
><jsp:expression>
>session.getAttribute("j_username")
></jsp:expression>
></body>
></html>
></jsp:root>
>
>Hart, Justin wrote:
>
>>Ok, still, I haven't found any documentation on how to add a
>>SessionListener in the server.xml file, and adding one using the listener
>>tags defined for web.xml files doesn't seem to work.
>>
>>I also haven't seen how to get a user's credentials from a HttpSession, or
>>how to get a Session from an HttpSessionListener.  Could you throw me a
>>bone?
>>
>>Justin
>>
>>-----Original Message-----
>>From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
>>Sent: Monday, December 01, 2003 2:52 PM
>>To: Tomcat Users List
>>Subject: RE: SessionListener
>>
>>
>>
>>Howdy,
>>A SessionListener of the org.apache.catalina variety would go in the
>>same place as all tomcat-specific features:
>>$CATALINA_HOME/conf/server.xml.  That means the class specified there
>>must be accessible to the server classloaders, i.e. must reside in
>>common/lib or higher on the classloader hierarchy.
>>
>>The above is true for Valves, Realms, Listeners, etc, that are
>>proprietary to tomcat.
>>
>>Yoav Shapira
>>Millennium ChemInformatics
>>
>>
>>
>>
>>>-----Original Message-----
>>>From: Hart, Justin [mailto:[EMAIL PROTECTED]
>>>Sent: Monday, December 01, 2003 11:53 AM
>>>To: Tomcat Users List
>>>Subject: RE: SessionListener
>>>
>>>Ok, so, the listener in there must implement HttpSessionListener, where can
>>>I use SessionListeners?
>>>
>>>Justin
>>>
>>>-----Original Message-----
>>>From: Hart, Justin
>>>Sent: Monday, December 01, 2003 11:34 AM
>>>To: Tomcat Users List (E-mail)
>>>Subject: SessionListener
>>>
>>>
>>>My SessionListener doesn't seem to be firing, any help?
>>>
>>>I have a SessionListener that I want to go off when a user authenticates to
>>>my web app (this is a correct usage, right?)
>>>
>>>So, in the web.xml of my app, I would put the lines:
>>>
>>><web-app>
>>>     <listener>
>>>             <listener-class>
>>>                     the class
>>>             </listener-class>
>>>     </listener>
>>></web-app>
>>>
>>>This should fire off when the user signs in to the page, correct?
>>>
>>>Justin
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>This e-mail, including any attachments, is a confidential business
>>communication, and may contain information that is confidential,
>>proprietary and/or privileged.  This e-mail is intended only for the
>>individual(s) to whom it is addressed, and may not be saved, copied,
>>printed, disclosed or used by anyone else.  If you are not the(an) intended
>>recipient, please immediately delete this e-mail from your computer system
>>and notify the sender.  Thank you.
>>
>>
>>
>>
>>
>>
>
>--
>____________________________________
>Developer
>Greenfield Research Inc.
>atreya(AT)greenfieldresearch(DOT)ca
>(902)422-9426
>
>
>




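An added example, not part of the original thread or of any code posted in it: a session counter that stays correct under concurrent requests, together with the getUserPrincipal check described in the 9:00 AM reply, written against the javax.servlet API. The package, class name and session attribute name are assumptions chosen for illustration.

```java
package com.example.web; // hypothetical package, not from the thread

import java.security.Principal;
import java.util.concurrent.atomic.AtomicInteger; // needs Java 5 or later
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/** Registered in web.xml with a <listener> element, like any HttpSessionListener. */
public class SessionCounterListener implements HttpSessionListener {

    // One listener instance is called from every request thread, so the
    // counter is atomic; a plain static int can lose updates.
    private static final AtomicInteger LIVE_SESSIONS = new AtomicInteger();

    // Hypothetical attribute name used only by this example.
    private static final String USER_ATTR = "example.authenticatedUser";

    // Runs when the container creates a session, which is not a login event.
    public void sessionCreated(HttpSessionEvent se) {
        LIVE_SESSIONS.incrementAndGet();
        // No static reference to se.getSession() is kept: a shared
        // "last session" would hand one user's session to every caller.
    }

    public void sessionDestroyed(HttpSessionEvent se) {
        LIVE_SESSIONS.decrementAndGet();
    }

    public static int getNumSessions() {
        return LIVE_SESSIONS.get();
    }

    // Returns the name the container authenticated (BASIC or FORM), or null.
    // Call it from a servlet or filter; the password is never needed.
    public static String currentUser(HttpServletRequest request) {
        Principal principal = request.getUserPrincipal();
        if (principal == null) {
            return null; // request is not authenticated
        }
        HttpSession session = request.getSession(false); // do not force a session
        if (session != null && session.getAttribute(USER_ATTR) == null) {
            session.setAttribute(USER_ATTR, principal.getName()); // first sighting
        }
        return principal.getName();
    }
}
```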