I need to know when Tomcat accepts a login using realm authentication for a given context. I've been looking at the possible listeners available (ServletContextListener and ServletContextAttributeListener) but can't figure out how to be notified when a login occurs. This should also work when using Tomcat single sign-on for multiple contexts. Any ideas?
+1
A:
If you have access to the server configuration, you might try writing a LifecycleListener (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/LifecycleListener.html), which is configured with the server (see the Tomcat server config docs for your version).
Not sure if it will do the trick or not, but a good place to check.
Good luck.
cjstehno
2009-11-12 17:54:06
+3
A:
Unfortunately there's no standard/abstract way to hook on it using the Servlet API. You need either to write appserver specific logic or to implement a global Filter which checks the HttpServletRequest#getUserPrincipal() every time. E.g.:

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    // getUserPrincipal() returns java.security.Principal, or null if not authenticated.
    Principal user = httpRequest.getUserPrincipal();
    HttpSession session = httpRequest.getSession();
    if (user != null && session.getAttribute("user") == null) {
        session.setAttribute("user", user);
        // First-time login. You can do your intercepting thing here.
    }
    chain.doFilter(request, response);
}
```
BalusC
2009-11-12 18:06:34
This looks exactly like what I need. How about for logouts? Perhaps looking at the session expiration event?
rmarimon
2009-11-13 00:12:00
If `HttpSession#invalidate()` is being used to log out, then you can indeed hook on `HttpSessionListener#sessionDestroyed()` and check if the `user` attribute is there.
BalusC
2009-11-13 02:32:41
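
The filter from the answer and the `sessionDestroyed()` hook from the comments, combined into one audit logger. This is an added example, not code from either poster; it goes a step further by writing login and logout records that are safe to keep in a log. The class name `AuthAuditor` and the logger name `auth.audit` are assumptions, and the class has to be registered in web.xml as both a filter and a listener.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical class: the container creates one instance as filter and one as listener.
public class AuthAuditor implements Filter, HttpSessionListener {
    private static final Logger LOG = Logger.getLogger("auth.audit"); // assumed logger name
    private static final String ATTR = "user"; // same session attribute as in the answer

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        Principal p = http.getUserPrincipal();
        if (p != null) { // only touch the session for authenticated requests
            HttpSession s = http.getSession();
            if (s.getAttribute(ATTR) == null) { // first authenticated request in this session
                s.setAttribute(ATTR, p.getName()); // store the name, not the Principal object
                LOG.info("login user=" + clean(p.getName())
                        + " addr=" + http.getRemoteAddr() + " session=" + ref(s.getId()));
            }
        }
        chain.doFilter(req, res);
    }

    // Fires for invalidate() and for timeouts, while the attributes are still readable.
    public void sessionDestroyed(HttpSessionEvent e) {
        Object user = e.getSession().getAttribute(ATTR);
        if (user != null) { // anonymous sessions never had the attribute set
            LOG.info("logout user=" + clean(user.toString()) + " session=" + ref(e.getSession().getId()));
        }
    }

    // Replace CR/LF so a crafted user name cannot forge extra log lines.
    static String clean(String s) { return s.replaceAll("[\\r\\n]", "_"); }
    // Short SHA-256 prefix: pairs login with logout without logging the live session ID.
    static String ref(String id) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(id.getBytes("UTF-8"));
            return String.format("%02x%02x%02x%02x", d[0], d[1], d[2], d[3]);
        } catch (Exception ex) { throw new IllegalStateException(ex); }
    }

    public void sessionCreated(HttpSessionEvent e) { }
    public void init(FilterConfig c) { }
    public void destroy() { }
}
```

Because the logout record is written for timeouts as well as explicit `invalidate()` calls, every login line should eventually be matched by a logout line with the same session reference.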