Not maybe of direct help unless you get really stuck, but my approach was to
use TCs sessions, but not its authentication framework. My original
reasoning for this was that I wanted login details to be in a RDMS table
along with other data. So I coded the login/logout process myself, which
was a little work to achieve, but gives me freedom to handle the sorts of
things you are talking about in a flexible way.
My way around the problem you describe is that when someone successfully
authenticates, I add their uid to the session object as a String in the
doGet() method:
String uid = request.getParameter("form_uid_field");
request.getSession(true).setAttribute(uid, null);
And because the uid is now accessible via the session object, when your
SessionListener catches the attributeAdded/Changed/Replaced events, they
pass a HttpSessionBindingEvent, from which you can call
.getSession().getAttribute("uid")
> -----Original Message-----
> From: Ross Nicoll [mailto:[EMAIL PROTECTED]
> Sent: Tuesday 24 May 2005 15:17
> To: Tomcat Users List
> Subject: Re: Performing an action on form-based login
>
>
> We're having more or less the same problem. Is there perhaps a chance
> of a UserFormLoginListener in a future version of Tomcat? Anyone have
> any advice on this?
>
> Some reliable method for logging out a user would also be
> extremely useful.
>
> On 5/22/05, Torsten Römer <[EMAIL PROTECTED]> wrote:
> > This question has been asked (and answered to) earlier, but
> I am still
> > unsure:
> >
> > I am using container managed security with form-based
> authentication. I
> > am really happy with how it works. But now I would like to
> perform an
> > action when a user has authenticated, such as loading user
> preferences
> > and store them in the session.
> >
> > First I thought I could use a HttpSessionListener for that.
> Now I know
> > when a new session has been created, but what I am missing is the
> > username. The only way to get it seems to be from a request using
> > getRemoteUser(). Or am I wrong? I really hope I am...
> >
> > I read about setting up a filter but then read somewhere
> else that this
> > is not reliable.
> >
> > I also found this article "Active Authentication"
> > http://java.sys-con.com/read/37660.htm which sounds
> interesting but the
> > link to the source code is broken, so I don't get how to
> implement that.
> >
> > Can someone help me out?
> >
> > Torsten
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
