Init HTTP session during realm authentication stage
Hi all: I'm using realm tool for user authentication on Tomcat 7 I've made a custom realm overriding authenticate() method of DataSourceRealm class. And all works fine. But I would like to initialize HTTP session in this stage with user data. My custom authenticate() method queries user data to check if exists or not , and I wouldn't like to have to call another service to perform the same query. Is this possible ? Any ideas ?? Thanks and regards - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Init HTTP session during realm authentication stage
But I would like to initialize HTTP session in this stage with user data. My custom authenticate() method queries user data to check if exists or not , and I wouldn't like to have to call another service to perform the same query. Couldn't you just implement HttpSessionListener? Chris
Re: Init HTTP session during realm authentication stage
2011/7/18 chris derham ch...@derham.me.uk: Couldn't you just implement HttpSessionListener? Chris Yes, could be useful :-) Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Init HTTP session during realm authentication stage
2011/7/18 Chema demablo...@gmail.com Yes, could be useful :-) Thanks I guess it's not so useful than I thought :-/ The reason is that HttpSessionListener.sessionCreated method is invoked always when Tomcat server receives the first petition. Session is not created by realm code when user is validated. Now I'm trying to use filters. When realm code validates an user , redirect to protected resource. If I can filter this redirection and load user data into session, I think that could works Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Init HTTP session during realm authentication stage
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chema, On 7/18/2011 9:16 AM, Chema wrote: Now I'm trying to use filters. When realm code validates an user , redirect to protected resource. If I can filter this redirection and load user data into session, I think that could works This is how we do things using a custom Realm. We allow Tomcat to go about it's business setting the Principal in the request, and then we use a Filter to detect that the Principal is set but no user object is in the session. At that point, we perform the real login and do whatever is necessary on top of the actual authentication. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4kSlwACgkQ9CaO5/Lv0PADegCeL2PnZlp0tUy19OFqcoPIGSzE wokAoIg440qywv9coCciX1gmuCLKYHlp =1Qac -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org