-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
lmk,
lmk wrote:
> Im using form based jaas authentication, I have to call a stored procedure
> with the user name and password to ininitialize some business objects!
>
> how can I get the password on the j_security_check request?
>
> can we use servlet filter to do this
Unfortunately, Tomcat does not give your application code any
opportunity to fetch the credentials or anything else from the request
when using container-managed authentication.
We had a similar problem in that we wanted to update the "last login
time" of the user, and also lost user prefs from our database. We
decided to write a filter that basically did this:
Check session for a marker object with session key "USER"
a. If marker exists, do nothing and chain to the next filter
b. If marker does not exist, perform database UPDATE and SELECT,
then insert USER marker into the session
This has worked very well for us for quite a while. It also has the
added benefit of separating the concerns of authentication and
authorization with login logic.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAki+uo0ACgkQ9CaO5/Lv0PDoAQCeLHhb2AyyhAaOLzdMKArgdlKw
o1MAmwYtyJfoHHkdwbJ327sEjt4cw9rN
=2pwJ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
