If anyone solves this it would be a great help to me as well. I am currently using a clumsy work around that doesn't always work.
I have a User object that contains a lot of information about the users that could be very useful on various pages. I'd like to simply fill this object and add it to the session upon authentication for later use. I haven't found a way to do that yet. My work around is to do a pageContext.include() of a jsp that does the following on every page. String name = request.getRemoteUser(); User user = (User)session.getAttribute("USER_OBJECT"); if(name!=null&&user==null) { user = User.getUserByName(datasource, name); session.setAttribute("USER_OBJECT", user); } This has two problems though. 1) It's a waste of time to have to do this on every page. 2) It can create a race condition if the page it's include in needs to use the User object immediately. If I do the following the User object generally ends up being null. pageContext.include("login.jsp"); User user = (User)session.getAttribute("USER_OBJECT"); I think the ability to do this properly would be a great help to a lot of people and contribute to cleaner and faster servlet and jsp applications. Being able to specify a method that takes the username and password to be run on successful authentication would do it. -Cavan ----- Original Message ----- From: "Jon Weinberg" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 18, 2001 4:08 PM Subject: Session I am running Tomcat 4.0 with form-based authentication. I would like to add some user-specific variables into the session as soon as the user logs in (that is, as soon as the user logs in, I want to get the username from the form, use it to query my DB, put some results into the user's session, and have the user continue on to the page he originally requested.) I have tried a number of solutions that don't work: 1) I've tried having the login form's action send the info to a servlet that does the processing and then forwards the request to "j_security_check", but that solution only works in 3.2 and not in 4.0 2) I have attached an HttpSessionListener, but since the session is created before the user actually logs in, my listener does not yet have the username and cannot complete the preprocessing. Is there a way for me to execute something right AFTER a user authenticates? Thanks, Jon -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>