Write yourself a filter. The filter should wrap the HttpServletRequest
object (JEE HttpServletRequestWrapper class) and also contain a reference to
the user's credentials. Just override isUserInRole to provide your logic.
Paul
On Dec 17, 2007 12:31 AM, 张云勇 <[EMAIL PROTECTED]> wrote:
> Sorry for my pool English, I'm improving it^_^
>
> Here is my mean:
> I want to get auth user from request, but I don't know how to set the user
> to the request,like this:
>
> String user = request.getRemoteUser(); // the user principal (in string)
> Principalprincipal = request.getUserPrincipal(); // get a Principal object
> bool isAuth = request.isUserInRole("patrick");
>
>
> someone says it can be achieved by using container managed security
> policy, I can do it through by tomcat 5.X
> using "j_security" servlet, but if I want to custome the login action,such
> as logging the user's logon timestamp, how can I do it. Is struts 1.xprovied
> any JAAS related API to complete this?
