Have you considered using a Filter to put the extra stuff in your Session? We use an initialization Filter that looks up a User record based on the authenticated user id. We then place that User object both in the Session and a thread local variable so that it is available to all the layers of our framework. Our DAO classes use the thread local variable to set things like Last Updated By. If you use the thread local variable, make sure the last thing the Filter does is to set it to null so that the thread is not returned to the container's thread pool with the User object.

    public void doFilter( final ServletRequest servletRequest,
                          final ServletResponse servletResponse,
                          final FilterChain filterChain )
            throws IOException, ServletException
    {
        try
        {
            if ( servletRequest instanceof HttpServletRequest )
            {
                final HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
                final String remoteUser = httpServletRequest.getRemoteUser();
                if ( DataHelper.empty( remoteUser ) || "null".equalsIgnoreCase( remoteUser ) )
                {
                    if ( log.isDebugEnabled() )
                    {
                        log.debug( "No User info Available" );
                    } //end if
                    ThreadContext.setUser( null );
                } //end if
                else
                {
                    final HttpSession session = httpServletRequest.getSession( true );
                    User user = (User) session.getAttribute( SESSION_TOKEN_SYSUSER );
                    if ( user == null )
                    {
                        try
                        {
                            // First request of this session: load the User record once and cache it
                            user = UserController.findUserByLoginId( remoteUser );
                            if ( log.isDebugEnabled() )
                            {
                                log.debug( "Initializing user " + user.getUserId() );
                            } //end if
                        } //end try
                        catch ( final Exception e )
                        {
                            throw new ServletException( e );
                        } //end catch
                        session.setAttribute( SESSION_TOKEN_SYSUSER, user );
                    } //end if
                    ThreadContext.setUser( user );
                } //end else
            } //end if
            filterChain.doFilter( servletRequest, servletResponse );
        } //end try
        finally
        {
            // Clear the thread before returning it to the server's thread pool,
            // even when the rest of the chain throws
            ThreadContext.setUser( null );
        } //end finally
    }

Steve Mitchell
UMB Bank

-----Original Message-----
From: C.F. Scheidecker Antunes [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 17, 2005 12:50 PM
To: Struts Users Mailing List
Subject: Question on log on with SecurityFilter and JDBCRealm

Hello all,

I've managed to have successful authentication with securityFilter and JDBCRealm. I have a few questions that I was hoping you could clarify for me.

After the login is successful, is there any way to forward that to a success page/action so that I can add extra stuff to the session context?

This is my <login-config> session in the securityfilter-config.xml file:

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
            <form-default-page>/index.html</form-default-page>
        </form-login-config>
    </login-config>

My second question is concerning accessing the username value from the session context. How is that stored in the session? How can I access it?

My login.jsp form uses standard j_security_check for the action on the login form, j_username, j_password for the 2 inputs.

I would like, after the login is successful, to forward that to an action in order to access the database using the username as a key and return a userID number that I also want to store in the session.

How can I accomplish this?

Thanks in advance,

C.F.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
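
The reason for clearing the thread local on every exit path, as an added example that is not part of the original thread: when a request fails on a pooled thread, later work on that thread still sees the previous user unless the reset sits in a finally block. ThreadContext, RequestFilter and the user name here are hypothetical stand-ins, and a one-thread executor stands in for the container's pool.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Added illustration. ThreadContext is a hypothetical stand-in for the class of
// that name in the reply; a one-thread pool stands in for the container's threads.
public class ThreadLocalLeakDemo {
    static final class ThreadContext {
        private static final ThreadLocal<String> USER = new ThreadLocal<>();
        static void setUser(String user) { USER.set(user); }
        static String getUser() { return USER.get(); }
    }

    interface RequestFilter { void apply(String user, Runnable chain); }

    // Cleanup as the last statement: skipped when the chain throws.
    static void clearAsLastStatement(String user, Runnable chain) {
        ThreadContext.setUser(user);
        chain.run();
        ThreadContext.setUser(null);
    }

    // Cleanup in finally: runs on every exit path.
    static void clearInFinally(String user, Runnable chain) {
        ThreadContext.setUser(user);
        try { chain.run(); } finally { ThreadContext.setUser(null); }
    }

    // A request for "alice" (constructed name) fails downstream; then work that
    // never passes through the filter runs on the same pooled thread.
    static String userSeenByNextTask(RequestFilter filter) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            pool.submit(() -> {
                try {
                    filter.apply("alice", () -> { throw new IllegalStateException("action failed"); });
                } catch (IllegalStateException e) {
                    // the container would log the error and recycle the thread
                }
            }).get();
            return pool.submit(() -> String.valueOf(ThreadContext.getUser())).get();
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("last statement: " + userSeenByNextTask(ThreadLocalLeakDemo::clearAsLastStatement));
        System.out.println("finally block:  " + userSeenByNextTask(ThreadLocalLeakDemo::clearInFinally));
    }
}
```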