If this can be done with HttpSessionListener, than I am game. What I want to do, is get the username and password when the user signs on, so I can then use this data to authenticate the user to other programs as themselves.
I'm using BASIC authentication, and trying to avoid having them sign on a second time, any way to get the username and password using HttpSessionListener without having them retype the data? Justin -----Original Message----- From: Atreya Basu [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 4:07 PM To: Tomcat Users List Subject: Re: SessionListener Sorry, I should have added to this earlier, but I thought that SessionListener should go in the web.xml document under the Listener element. Or am I thinking about HttpSessionListener which is different.... Anyways if it is HttpSessionListener that you are talking about I can provide some examples. Cheers, Shapira, Yoav wrote: >Howdy, > > > >>Ok, still, I haven't found any documentation on how to add a >>SessionListener in the server.xml file, and adding one using the >> >> >listener > > >>tags defined for web.xml files doesn't seem to work. >> >> > >The XML is the similar but not quite the same to the portable one: ><listener className="mypackage.myclass" ... /> There is a generic >example in the Engine configuration reference, and another more specific >example in the Host configuration reference. Neither, however, is a >SessionListener example. > >There IS one specific, full-features SessionListener example: the >SingleSignOn valve. It's present (but commented out) in server.xml by >default, and you can take a look at the source code. It's a more >complicated and confusing example because it's also a Valve ;( But then >again, I wouldn't even bother with this whole approach when you have the >HttpSessionListener as part of the servlet specification. > >where ... are attributes specific to your listener. (The astute reader >would recognize the above as a commons Digester bean-based >initialization pattern). > > > >>I also haven't seen how to get a user's credentials from a HttpSession, >> >> >or > > >>how to get a Session from an HttpSessionListener. Could you throw me a >>bone? >> >> > >If the user is authenticated by the server, typically the information is >not in the session, it's in the request: >HttpServletRequest#getUserPrincipal. A common use-case is to stuff this >in the session via a filter. > >If you had an attribute called username that something was stuffing into >the session, i.e. something like a filter calling >session.setAttribute("username", "something"), then an >HttpSessionAttributeListener's attributeAdded would be called with the >attribute name and latest value. > >Yoav > > > > >This e-mail, including any attachments, is a confidential business communication, and >may contain information that is confidential, proprietary and/or privileged. This >e-mail is intended only for the individual(s) to whom it is addressed, and may not be >saved, copied, printed, disclosed or used by anyone else. If you are not the(an) >intended recipient, please immediately delete this e-mail from your computer system >and notify the sender. Thank you. > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > > -- ____________________________________ Developer Greenfield Research Inc. atreya(AT)greenfieldresearch(DOT)ca (902)422-9426 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
