Oh, oh, I know!!! Pick me! Two ways to do it, one inherits from the other.
// Returns user name used to login and passwd HttpServletRequest.getUserPrincipal(); the other way to do it is as above except that you create your own realm and return your own subclass of java.security.Principal. Then you can have all sorts of methods. We do this to get user id, which is populated when user authenticates. Simply down cast the principal to MyNewPrincipal person = (MyNewPrincipal)request.getUserPrincipal(); BE WARNED THOUGH!!!!! I have done #2. It works nice with a hitch that I have been trying to figure a clean way around. the only way to get the webapp and TC to see your custom principal is to put it in 2 seperate directories ~/common/lib and ~/lib. except that doing so causes the class to be loaded by two different classloaders and when you go to downcast in your servlet you will get a ClassCastException. Putting it in 1 directory or the other causes one either my realm or the org.apache.catalina.realm.RealmBase to not be found. The solution I have found is to override the entire class path with -classpath and include the jars there. By the way, has anyone come up with a solution to this? Chris ----- Original Message ----- From: "Jon Weinberg" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 18, 2001 7:08 PM Subject: Session I am running Tomcat 4.0 with form-based authentication. I would like to add some user-specific variables into the session as soon as the user logs in (that is, as soon as the user logs in, I want to get the username from the form, use it to query my DB, put some results into the user's session, and have the user continue on to the page he originally requested.) I have tried a number of solutions that don't work: 1) I've tried having the login form's action send the info to a servlet that does the processing and then forwards the request to "j_security_check", but that solution only works in 3.2 and not in 4.0 2) I have attached an HttpSessionListener, but since the session is created before the user actually logs in, my listener does not yet have the username and cannot complete the preprocessing. Is there a way for me to execute something right AFTER a user authenticates? Thanks, Jon -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
