Well actually, the proposed solution I suggested requires you to use a third party project called SecurityFilter, which emulates container managed security: http://securityfilter.sourceforge.net/.
When using securityFilter you are in control of setting SecurityFilter as a custom servlet filter in your webapp, so you can layer another filter on top of SecurityFilter to intercept the request and get all the information you want (you need to do this because SecurityFilter clears the Session object before re-directing to the original page). What you are trying to do is essentially intercept j_security_check which cannot be done very easily. One other possible solution is subclassing the security realm (such as JDBCRealm if you're using that) that you have configured in your tomcat instance, and then configuring that new class in the Realm element in server.xml. I'm sure the implication of this are loss of portability but I'm not sure you really care about that at this point. The best documentation on learning these technologies is http://tomcat.apache.org/tomcat-5.5-doc/index.html and google. On Thu, Jul 31, 2008 at 12:57 AM, Guojun Zhu <[EMAIL PROTECTED]> wrote: > Thank you. I am using the basic authentication as the manager package of > Tomcat. Something like this in the web.xml. > > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>Tomcat INFORM Application</realm-name> > </login-config> > > I only know how to use the realm in the web.xml and servel.xml. But I am > really like to learn about this j_security. Honestly, I am not fully > understand what you say in the second part. I know basic java stuff and > know basic things about writing JSP web application and a little servlet. > Where should I start to learn these? Thanks. > > Sincerely > Zhu, Guojun > > On Wed, Jul 30, 2008 at 5:08 PM, Alessandro Ferrucci < > [EMAIL PROTECTED]> wrote: > > > What authentication method are you using? I'll take a wild guess at > form. > > This thread provides a few workaround solutions for this: > > > > http://www.theserverside.com/discussions/thread.tss?thread_id=32033 > > > > I suggest looking into writing your own filter and placing it above > > SecurityFilter in the stack and intercepting the redirect made by the > > security filter by subclassing HttpServletResponseWrapper. > > > > > > On Wed, Jul 30, 2008 at 3:58 PM, Guojun Zhu <[EMAIL PROTECTED]> wrote: > > > > > Hi, > > > > > > I am using realm for the authorization of my web application. I would > > like > > > to include a administration section for things like modifying the user > > > profile or password. I have several different user names associated > > with > > > two different roles. Both roles give the pass to the web pages. I am > > > wondering whether I can find out who is the login user in realm? So I > do > > > not need the user to provide it again to entering the admin part. I am > > > using Tomcat 5.5 on a linux box. Thanks. > > > > > > Sincerely > > > Zhu, Guojun > > > > > > > > > > > -- > > Signed, > > Alessandro Ferrucci :) > > > -- Signed, Alessandro Ferrucci :)
