Hi Jon,

You can just write your own auth module, overriding BaseInterceptor, and adding an entry to modules.xml or interceptors.xml. This could be a little cleaner, as you don't have to add code to every servlet and jsp.

//steve

Jayson Yu wrote:

> You are right, this is not very efficient, I strongly suggest using
> servlets. If you do you can place all user info you would possibly
> need in an httpsession.
>
> You can in fact create a new session after authentication, you can
> also create a class containing the attributes you want to save on
> each session (e.g. name, address, sex, access code etc.).
>
> For example:
>
> // this is your function to verify the user against your DB
> if (CheckUser(login_name, password))
> {
>     HttpSession websession = request.getSession(true);
>
>     // Sessions is a user made class that contains the
>     // methods and properties you want the session to have.
>     Sessions thissession = new Sessions();
>
>     // 30 minutes
>     websession.setMaxInactiveInterval(1800);
>
>     String sessid;
>
>     // Just replace this method with one of yours.
>     sessid = GenericTools.generateRandomSessionCode(25);
>
>     websession.putValue("mysession", thissession);
>
>     ((Sessions)websession.getValue("mysession")).setSessionCode(sessid);
>
>     ((Sessions)websession.getValue("mysession")).setName(login_name);
> }
>
> getting information from your session is equally easy:
>
> HttpSession websession = request.getSession(true);
> if (websession.getValue("mysession") != null)
> {
>     login_name = ((Sessions)websession.getValue("mysession")).getName();
> }
>
> Of course your Sessions class must have the setSessionCode, setName
> and getName methods.
>
> Hope this helps.
>
> json
>
> At 05:41 PM 12/18/01 -0800, you wrote:
>
>> If anyone solves this it would be a great help to me as well. I am
>> currently using a clumsy work around that doesn't always work.
>>
>> I have a User object that contains a lot of information about the
>> users that could be very useful on various pages. I'd like to simply
>> fill this object and add it to the session upon authentication for
>> later use. I haven't found a way to do that yet.
>>
>> My work around is to do a pageContext.include() of a jsp that does
>> the following on every page.
>>
>> String name = request.getRemoteUser();
>> User user = (User)session.getAttribute("USER_OBJECT");
>> if (name != null && user == null) {
>>     user = User.getUserByName(datasource, name);
>>     session.setAttribute("USER_OBJECT", user);
>> }
>>
>> This has two problems though.
>> 1) It's a waste of time to have to do this on every page.
>> 2) It can create a race condition if the page it's included in needs
>> to use the User object immediately. If I do the following the User
>> object generally ends up being null.
>>
>> pageContext.include("login.jsp");
>> User user = (User)session.getAttribute("USER_OBJECT");
>>
>> I think the ability to do this properly would be a great help to a
>> lot of people and contribute to cleaner and faster servlet and jsp
>> applications.
>> Being able to specify a method that takes the username and password
>> to be run on successful authentication would do it.
>>
>> -Cavan
>>
>> ----- Original Message -----
>> From: "Jon Weinberg" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Sent: Tuesday, December 18, 2001 4:08 PM
>> Subject: Session
>>
>> I am running Tomcat 4.0 with form-based authentication. I would like
>> to add some user-specific variables into the session as soon as the
>> user logs in (that is, as soon as the user logs in, I want to get the
>> username from the form, use it to query my DB, put some results into
>> the user's session, and have the user continue on to the page he
>> originally requested.)
>>
>> I have tried a number of solutions that don't work:
>>
>> 1) I've tried having the login form's action send the info to a
>> servlet that does the processing and then forwards the request to
>> "j_security_check", but that solution only works in 3.2 and not in 4.0
>>
>> 2) I have attached an HttpSessionListener, but since the session is
>> created before the user actually logs in, my listener does not yet
>> have the username and cannot complete the preprocessing.
>>
>> Is there a way for me to execute something right AFTER a user
>> authenticates?
>>
>> Thanks,
>> Jon
>>
>> --
>> To unsubscribe: <mailto:[EMAIL PROTECTED]>
>> For additional commands: <mailto:[EMAIL PROTECTED]>
>> Troubles with the list: <mailto:[EMAIL PROTECTED]>
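
An added example, not part of the thread or of Tomcat's own code: a Servlet 2.3 filter (the API level Tomcat 4.0 implements) that performs the lookup from Cavan's workaround before any servlet or JSP runs, so the page never sees a missing user object. `UserSessionFilter`, `UserLookup` and the `.owner` attribute are hypothetical names, the lookup body is a constructed stand-in for the DB query, and the filter is assumed to be mapped to `/*` in web.xml.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Added example: loads the user record once per authenticated session. */
public class UserSessionFilter implements Filter {
    static final String USER_KEY = "USER_OBJECT";        // attribute name used in the thread
    static final String OWNER_KEY = USER_KEY + ".owner"; // hypothetical: who the cached record belongs to

    /** Hypothetical lookup; replace with the application's own DB query. */
    public interface UserLookup { Object findByName(String name); }

    private final UserLookup lookup = new UserLookup() { // constructed stand-in, no real DB
        public Object findByName(String name) { return "profile:" + name; }
    };

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        String name = http.getRemoteUser();   // null until the container has authenticated the caller
        if (name != null) {
            HttpSession session = http.getSession(true);
            // Reload on the first authenticated request, and again if the session's
            // principal ever differs from the one the cached record was loaded for.
            if (!name.equals(session.getAttribute(OWNER_KEY))) {
                Object user = lookup.findByName(name);
                if (user != null) {           // never mark the session as loaded on a failed lookup
                    session.setAttribute(USER_KEY, user);
                    session.setAttribute(OWNER_KEY, name);
                }
            }
        }
        chain.doFilter(req, res);             // the target page runs only after the attribute is set
    }
}
```

Because the username comes from `getRemoteUser()` rather than from the login form, the cached record is always tied to the identity the container verified.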