Not maybe of direct help unless you get really stuck, but my approach was to use TCs sessions, but not its authentication framework. My original reasoning for this was that I wanted login details to be in a RDMS table along with other data. So I coded the login/logout process myself, which was a little work to achieve, but gives me freedom to handle the sorts of things you are talking about in a flexible way.
My way around the problem you describe is that when someone successfully authenticates, I add their uid to the session object as a String in the doGet() method: String uid = request.getParameter("form_uid_field"); request.getSession(true).setAttribute(uid, null); And because the uid is now accessible via the session object, when your SessionListener catches the attributeAdded/Changed/Replaced events, they pass a HttpSessionBindingEvent, from which you can call .getSession().getAttribute("uid") > -----Original Message----- > From: Ross Nicoll [mailto:[EMAIL PROTECTED] > Sent: Tuesday 24 May 2005 15:17 > To: Tomcat Users List > Subject: Re: Performing an action on form-based login > > > We're having more or less the same problem. Is there perhaps a chance > of a UserFormLoginListener in a future version of Tomcat? Anyone have > any advice on this? > > Some reliable method for logging out a user would also be > extremely useful. > > On 5/22/05, Torsten Römer <[EMAIL PROTECTED]> wrote: > > This question has been asked (and answered to) earlier, but > I am still > > unsure: > > > > I am using container managed security with form-based > authentication. I > > am really happy with how it works. But now I would like to > perform an > > action when a user has authenticated, such as loading user > preferences > > and store them in the session. > > > > First I thought I could use a HttpSessionListener for that. > Now I know > > when a new session has been created, but what I am missing is the > > username. The only way to get it seems to be from a request using > > getRemoteUser(). Or am I wrong? I really hope I am... > > > > I read about setting up a filter but then read somewhere > else that this > > is not reliable. > > > > I also found this article "Active Authentication" > > http://java.sys-con.com/read/37660.htm which sounds > interesting but the > > link to the source code is broken, so I don't get how to > implement that. > > > > Can someone help me out? > > > > Torsten > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]