Re: ServletFilter on j_security_check
Frank, if you develop a JAAS login module, you can get it to do pretty much anything you want, apart from having instant access to that user's session. You could write the login attempts to a database for instance. Adam On 01/31/2004 11:51 PM Tim Funk wrote: Yeah. Use a Valve. A Valve is just like a filter but is tomcat dependent and is issued before any filters are invoked. Any such functionality your looking for is NOT Servlet spec specific so whatever solution you use - you'll be locked into that container. -Tim Frank Febbraro wrote: Well that sucks :-( Any change that in the future Tomcat can have somethign silimar to the auth-filter in WebLogic...basically just a way to hookup (via interface) a class that can be notified of these events? Guess I need to break out my papers and roll my ownagain. For those with problems such as these, check out http://opensource.atlassian.com/seraph/introduction.html - Original Message - From: Tim Funk [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, January 30, 2004 7:29 AM Subject: Re: ServletFilter on j_security_check The Sun spec team has said that filters can't be applied to j_security_check. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795 -Tim Frank Febbraro wrote: Using Tomcat 4.1.x In looking at the source it seems that there is no simple way to hook into the Login process to get notified of successes or failures (dammit). So I was attempting to servlet filter the j_security_check and do my own pre/post processing. However I am unable to filter it. Is this URL specifically ignored by the filtering mechanism? My web.xml file looks as such... filter filter-namelogin/filter-name filter-classraider.portal.servlet.LoginFilter/filter-class /filter filter-mapping filter-namelogin/filter-name url-pattern/j_security_check/url-pattern /filter-mapping Kinda running out of options at this point, anyone else had a problem similar to needing to audit the login results? Thanks in advance, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ServletFilter on j_security_check
Well that sucks :-( Any change that in the future Tomcat can have somethign silimar to the auth-filter in WebLogic...basically just a way to hookup (via interface) a class that can be notified of these events? Guess I need to break out my papers and roll my ownagain. For those with problems such as these, check out http://opensource.atlassian.com/seraph/introduction.html - Original Message - From: Tim Funk [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, January 30, 2004 7:29 AM Subject: Re: ServletFilter on j_security_check The Sun spec team has said that filters can't be applied to j_security_check. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795 -Tim Frank Febbraro wrote: Using Tomcat 4.1.x In looking at the source it seems that there is no simple way to hook into the Login process to get notified of successes or failures (dammit). So I was attempting to servlet filter the j_security_check and do my own pre/post processing. However I am unable to filter it. Is this URL specifically ignored by the filtering mechanism? My web.xml file looks as such... filter filter-namelogin/filter-name filter-classraider.portal.servlet.LoginFilter/filter-class /filter filter-mapping filter-namelogin/filter-name url-pattern/j_security_check/url-pattern /filter-mapping Kinda running out of options at this point, anyone else had a problem similar to needing to audit the login results? Thanks in advance, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ServletFilter on j_security_check
Yeah. Use a Valve. A Valve is just like a filter but is tomcat dependent and is issued before any filters are invoked. Any such functionality your looking for is NOT Servlet spec specific so whatever solution you use - you'll be locked into that container. -Tim Frank Febbraro wrote: Well that sucks :-( Any change that in the future Tomcat can have somethign silimar to the auth-filter in WebLogic...basically just a way to hookup (via interface) a class that can be notified of these events? Guess I need to break out my papers and roll my ownagain. For those with problems such as these, check out http://opensource.atlassian.com/seraph/introduction.html - Original Message - From: Tim Funk [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, January 30, 2004 7:29 AM Subject: Re: ServletFilter on j_security_check The Sun spec team has said that filters can't be applied to j_security_check. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795 -Tim Frank Febbraro wrote: Using Tomcat 4.1.x In looking at the source it seems that there is no simple way to hook into the Login process to get notified of successes or failures (dammit). So I was attempting to servlet filter the j_security_check and do my own pre/post processing. However I am unable to filter it. Is this URL specifically ignored by the filtering mechanism? My web.xml file looks as such... filter filter-namelogin/filter-name filter-classraider.portal.servlet.LoginFilter/filter-class /filter filter-mapping filter-namelogin/filter-name url-pattern/j_security_check/url-pattern /filter-mapping Kinda running out of options at this point, anyone else had a problem similar to needing to audit the login results? Thanks in advance, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ServletFilter on j_security_check
The Sun spec team has said that filters can't be applied to j_security_check. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795 -Tim Frank Febbraro wrote: Using Tomcat 4.1.x In looking at the source it seems that there is no simple way to hook into the Login process to get notified of successes or failures (dammit). So I was attempting to servlet filter the j_security_check and do my own pre/post processing. However I am unable to filter it. Is this URL specifically ignored by the filtering mechanism? My web.xml file looks as such... filter filter-namelogin/filter-name filter-classraider.portal.servlet.LoginFilter/filter-class /filter filter-mapping filter-namelogin/filter-name url-pattern/j_security_check/url-pattern /filter-mapping Kinda running out of options at this point, anyone else had a problem similar to needing to audit the login results? Thanks in advance, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ServletFilter on j_security_check
Using Tomcat 4.1.x In looking at the source it seems that there is no simple way to hook into the Login process to get notified of successes or failures (dammit). So I was attempting to servlet filter the j_security_check and do my own pre/post processing. However I am unable to filter it. Is this URL specifically ignored by the filtering mechanism? My web.xml file looks as such... filter filter-namelogin/filter-name filter-classraider.portal.servlet.LoginFilter/filter-class /filter filter-mapping filter-namelogin/filter-name url-pattern/j_security_check/url-pattern /filter-mapping Kinda running out of options at this point, anyone else had a problem similar to needing to audit the login results? Thanks in advance, Frank