I have the following scenario:
- The user can see a static page with a login form. - The form action points to a web application.
In order to allow the user to log on, I have to use a request filter
and check the parameter values (username/password).
The typical Tomcat-Logins are no option for me as I want the user to be
able to log in from several static login forms.
However Tomcat requires the user to access the web application _first_ and sends the login form back _after_ that request.
Therefore, I use a authentication filter (from javax.servlet.Filter) in order to allow users to log in. The filter wraps the request in a wrapper (from javax.servlet.ServletRequestWrapper) and overrides the following methods to fake a tomcat-form-login:
- getAuthType - getRemoteUser - getUserPrincipal - isUserInRole
So far, so good.
Now, it would be nice if the user could close his browser and get his session back after logging in again (within the session timeout).
My current approach is...
- to let the filter save the relation user<->session in an
internal object (e.g. hashmap)
- to let the filter implement HttpSessionListener in order to
remove unneeded relations from that object
- to override the method getSession() in the request wrapper
and return the old session if a user comes back and has
an session assossiated with his user nameNow the missing part of the jigsaw:
How can I tell the session (or tomcat) that the old session is still in
use and not idle?
An API that does something like the Unix command "touch" for tomcat sessions would be great.
Can all this be achieved easier than described here?
Thanks in advance,
Hans
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
