On Mon, 22 Apr 2002, Tim Cronin wrote:
> Date: Mon, 22 Apr 2002 10:46:58 -0500
> From: Tim Cronin <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: initializing Session state during realm login
>
> I'm trying to use a custom Realm and FORM authentication.
>
> I need to be able to initialize session data after successful login.
>
> I found information on needing to create a Custom Authenticator.
> http://mikal.org/interests/java/tomcat/archive/view?mesg=56125
> I'm worried about having muck with tomcat internals to do this.
>
> Is there a way to have the FORM authentication redirect to a
> determined start page on successful login so I can do all my
> initialization there? this would solve my problem.
>
There is no way to do this. On successful authentication, the container
will perform the original request to the protected resource that triggered
the authentication in the first place.
I suggest something like the following:
* Session created listener that is called when new sessions
are created (this will happen automatically for you wne using
form based login), and places a token in a none session attribute.
* Filter that processes each request to your app. If it finds
the special token, it performs the setup actions that are required
(based on the user info returned by request.getRemoteUser() and/or
request.getUserPrincipal()) and removes the special token.
Doing things this way will keep you portable across any servlet 2.3
container.
Craig
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
