Magnus, Check out Securityfilter:
http://securityfilter.sourceforge.net/ I have submitted patches and sample (check the forums) that include the ability to get access to the IP, etc. My app currently logs successful and failed login attempts. As for "logging" the user in... that's not really part of authentication or authorization, is it? I maintain that logic such as that should not be in the component that is doing your AAA. What I have done is create a Filter that checks to see if the user's session contains my own "user" object. If not, I "log them in" and stick their user object into the session. This setup (including Securityfilter) is completely portable across app servers if you find yourself in the unfortunate situation of having to switch. -chris Magnus Bergman wrote: > Hi, > I'm using the JDBCRealm to authorize users to access my applications. > > I would like to "log" users when they login or tries to login to any > application on my tomcat, to do this I have extended the JDBCRealm and > overridden the authenticate-methods, by this I can log when and which > user login to any application on my tomcat, but I also want to log which > host/ip-number they login from? I know that information is in the > HttpServletRequest, but how do I get hold of that information in my > extended JDBCRealm? Or maybe there is a better way to solve this? > > /magnus > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] >
signature.asc
Description: OpenPGP digital signature