If anyone solves this it would be a great help to me as well. I am currently using a
clumsy work around that doesn't always work.
I have a User object that contains a lot of information about the users that could be
very useful on various pages. I'd like to simply fill this object and add it to the
session upon authentication for later use. I haven't found a way to do that yet.
My work around is to do a pageContext.include() of a jsp that does the following on
every page.
String name = request.getRemoteUser();
User user = (User)session.getAttribute("USER_OBJECT");
if(name!=null&&user==null) {
user = User.getUserByName(datasource, name);
session.setAttribute("USER_OBJECT", user);
}
This has two problems though.
1) It's a waste of time to have to do this on every page.
2) It can create a race condition if the page it's include in needs to use the User
object immediately. If I do the following the User object generally ends up being
null.
pageContext.include("login.jsp");
User user = (User)session.getAttribute("USER_OBJECT");
I think the ability to do this properly would be a great help to a lot of people and
contribute to cleaner and faster servlet and jsp applications.
Being able to specify a method that takes the username and password to be run on
successful authentication would do it.
-Cavan
----- Original Message -----
From: "Jon Weinberg" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 18, 2001 4:08 PM
Subject: Session
I am running Tomcat 4.0 with form-based authentication. I would like to add some
user-specific variables into the session as soon as the user logs in (that is, as soon
as the user logs in, I want to get the username from the form, use it to query my DB,
put some results into the user's session, and have the user continue on to the page he
originally requested.)
I have tried a number of solutions that don't work:
1) I've tried having the login form's action send the info to a servlet that does the
processing and then forwards the request to "j_security_check", but that solution only
works in 3.2 and not in 4.0
2) I have attached an HttpSessionListener, but since the session is created before the
user actually logs in, my listener does not yet have the username and cannot complete
the preprocessing.
Is there a way for me to execute something right AFTER a user authenticates?
Thanks,
Jon
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
