thanks Christopher, I found another solution, I use a custom class UserPricipal with userName and userId parameter, when the user is autheticated, I populate userId. on the servlet, I get the UserPrincipal object from the request.
best regards! Christopher Schultz-2 wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > lmk, > > lmk wrote: >> Im using form based jaas authentication, I have to call a stored >> procedure >> with the user name and password to ininitialize some business objects! >> >> how can I get the password on the j_security_check request? >> >> can we use servlet filter to do this > > Unfortunately, Tomcat does not give your application code any > opportunity to fetch the credentials or anything else from the request > when using container-managed authentication. > > We had a similar problem in that we wanted to update the "last login > time" of the user, and also lost user prefs from our database. We > decided to write a filter that basically did this: > > Check session for a marker object with session key "USER" > a. If marker exists, do nothing and chain to the next filter > b. If marker does not exist, perform database UPDATE and SELECT, > then insert USER marker into the session > > This has worked very well for us for quite a while. It also has the > added benefit of separating the concerns of authentication and > authorization with login logic. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAki+uo0ACgkQ9CaO5/Lv0PDoAQCeLHhb2AyyhAaOLzdMKArgdlKw > o1MAmwYtyJfoHHkdwbJ327sEjt4cw9rN > =2pwJ > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/j_security_check-get-password-on-the-request-tp19255065p19306306.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
