This would work great except that you cannot 'force' a container to bring up
the login page (portably).

UserManager doesn't help you because it too is an Orion specific API (just
like RoleManager)

About the only way to do portable user
management/authentication/authorisation is with an open source project
called OSUser (part of OpenSymphony which I participate in). See for details. I currently have an
application porting well (single EAR) between JBoss and Orion, and
Weblogic/Pramati/JRun support are almost done. It also supports Resin (if
you just want WARs).

Check it out anyway,


On 5/3/02 1:49 PM, "[EMAIL PROTECTED]"
([EMAIL PROTECTED]) penned the words:

> If you want to use form-based authentication, the only 'legal' way that I
> can think of is to  write a sessionfilter that checks when a principal
> exists for the first time during a session.
> Otherwise you'd have to do your own authentication, calling
> RoleManager.login() and if it succeeds write a record to the database with
> the current date. (Of course this could be within a filter, too)
> This would be much easier if either login() or authenticate() would be
> handled by the UserManager (which is user configurable), but alas that is
> not so ...
> A real hack would be to have two forms on the login page, the first one
> being submitted on buttonpress to itself, where it handles the creation of
> the login record, and then when resent automatically submitting the
> loginform (which must have been filled out previously) to j_security_check
> by script ... drawbacks: the user may notice the screen reloading, and I
> noticed most people here try to avoid html client side programming like the
> pestilence:)
> cheers
> --peter
> -----Original Message-----
> From: Alex Paransky [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, March 03, 2002 9:30 AM
> To: Orion-Interest
> Subject: How can I perform an action when web user is first logged on?
> I would like to keep lastLogonDate for my users.  However, with the J2EE
> security model it does not appear that I can "inject" any processing between
> the time when user is authenticated and a forward to the target url occurs.
> Did anyone solve this problem.  If so, could you share your solution?
> -AP_
> Java/J2EE Architect/Consultant

Reply via email to