Hi Jon,
You can just write your own auth module, overriding BaseInterceptor, and
adding an entry to modules.xml or interceptors.xml. This could be a
little cleaner, as you don't have to add code to every servlet and jsp.
//steve
Jayson Yu wrote:
> You are right, this is not very efficient, I strongly suggest using
> servlets. If you do you can
> place all user info you would possibly need in an httpsession.
>
> You can in fact create a new session after authentication, you can
> also create a class
> containing the attributes you want to save on each session (e.g. name,
> address, sex,
> access code etc.).
>
> For example:
>
> // This is your function to verify the user against your DB.
> if (CheckUser(loginname, password))
> {
>     // Returns the current session, creating one if none exists.
>     HttpSession websession = request.getSession(true);
>
>     // Sessions is a user made class that contains the
>     // methods and properties you want the session to have.
>     Sessions thissession = new Sessions();
>
>     // 30 minutes
>     websession.setMaxInactiveInterval(1800);
>
>     String sessid;
>
>     // Just replace this method with one of yours.
>     sessid = GenericTools.generateRandomSessionCode(25);
>
>     websession.putValue("mysession", thissession);
>
>     ((Sessions) websession.getValue("mysession")).setSessionCode(sessid);
>
>     // Use the same variable that was passed to CheckUser.
>     ((Sessions) websession.getValue("mysession")).setName(loginname);
> }
>
>
> Getting information from your session is equally easy:
>
> HttpSession websession = request.getSession(true);
> if (websession.getValue("mysession") != null)
> {
>     login_name = ((Sessions) websession.getValue("mysession")).getName();
> }
>
> Of course your Sessions class must have the setSessionCode, setName
> and getName methods.
>
> Hope this helps.
>
> json
>
>
> At 05:41 PM 12/18/01 -0800, you wrote:
>
>> If anyone solves this it would be a great help to me as well. I am
>> currently using a clumsy work around that doesn't always work.
>>
>> I have a User object that contains a lot of information about the
>> users that could be very useful on various pages. I'd like to simply
>> fill this object and add it to the session upon authentication for
>> later use. I haven't found a way to do that yet.
>>
>> My work around is to do a pageContext.include() of a jsp that does
>> the following on every page.
>>
>> String name = request.getRemoteUser();
>> User user = (User)session.getAttribute("USER_OBJECT");
>> if(name!=null&&user==null) {
>> user = User.getUserByName(datasource, name);
>> session.setAttribute("USER_OBJECT", user);
>> }
>>
>> This has two problems though.
>> 1) It's a waste of time to have to do this on every page.
>> 2) It can create a race condition if the page it's included in needs
>> to use the User object immediately. If I do the following the User
>> object generally ends up being null.
>>
>> pageContext.include("login.jsp");
>> User user = (User)session.getAttribute("USER_OBJECT");
>>
>> I think the ability to do this properly would be a great help to a
>> lot of people and contribute to cleaner and faster servlet and jsp
>> applications.
>> Being able to specify a method that takes the username and password
>> to be run on successful authentication would do it.
>>
>> -Cavan
>>
>> ----- Original Message -----
>> From: "Jon Weinberg" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Sent: Tuesday, December 18, 2001 4:08 PM
>> Subject: Session
>>
>>
>> I am running Tomcat 4.0 with form-based authentication. I would like
>> to add some user-specific variables into the session as soon as the
>> user logs in (that is, as soon as the user logs in, I want to get the
>> username from the form, use it to query my DB, put some results into
>> the user's session, and have the user continue on to the page he
>> originally requested.)
>>
>> I have tried a number of solutions that don't work:
>>
>> 1) I've tried having the login form's action send the info to a
>> servlet that does the processing and then forwards the request to
>> "j_security_check", but that solution only works in 3.2 and not in 4.0
>>
>> 2) I have attached an HttpSessionListener, but since the session is
>> created before the user actually logs in, my listener does not yet
>> have the username and cannot complete the preprocessing.
>>
>> Is there a way for me to execute something right AFTER a user
>> authenticates?
>>
>> Thanks,
>> Jon
>>
>>
>>
>> --
>> To unsubscribe: <mailto:[EMAIL PROTECTED]>
>> For additional commands: <mailto:[EMAIL PROTECTED]>
>> Troubles with the list: <mailto:[EMAIL PROTECTED]>
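Added example, not part of the original thread: a Servlet 2.3 filter that does Cavan's per-page check in one place, loading the user object the first time the container reports an authenticated user and reloading it if the session's login name changes. It assumes the filter is mapped over the protected URLs; UserLookup, the lookupClass init-param and the USER_OBJECT_OWNER key are hypothetical names.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class UserSessionFilter implements Filter {
    /** Hypothetical stand-in for the DB lookup (e.g. User.getUserByName). */
    public interface UserLookup { Object load(String username) throws Exception; }

    static final String USER_KEY = "USER_OBJECT";        // key used in the thread
    static final String OWNER_KEY = "USER_OBJECT_OWNER"; // hypothetical: who USER_KEY belongs to
    private UserLookup lookup;

    public void init(FilterConfig cfg) throws ServletException {
        // Assumption: the lookup implementation is named in an init-param.
        try {
            lookup = (UserLookup) Class.forName(cfg.getInitParameter("lookupClass")).newInstance();
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        String name = http.getRemoteUser(); // null until the container has authenticated the user
        if (name != null) {
            HttpSession session = http.getSession();
            // Load once per login; reload if the cached object belongs to another user name.
            if (!name.equals(session.getAttribute(OWNER_KEY))) {
                try {
                    session.setAttribute(USER_KEY, lookup.load(name));
                } catch (Exception e) {
                    throw new ServletException(e);
                }
                session.setAttribute(OWNER_KEY, name);
            }
        }
        // The attribute is set before any servlet or JSP in the chain runs.
        chain.doFilter(req, res);
    }

    public void destroy() { lookup = null; }
}
```

Two concurrent first requests may both run the lookup; both store the same user's data, so pages downstream still see a populated USER_OBJECT.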