views:

98

answers:

1

My question is this: With a web application, after performing a login authentication for a protected resource, how can I run some sort of function (in this case, I want to run a function to initialize some user-dependent session-scope variables) BEFORE the web-app redirects to the protected resource.

I am programming a web application using servlets and JSP's, all within the struts framework. I believe I have followed the correct JAAS or J2EE standards for security.

In other words, I have configured the web-application via the web.xml file to redirect all requests for protected material to a login form that asks the user for login information. It then submits to j_Security_check which performs the authentication and authorization before redirecting the user to the protected materials.

So, I need to run a function sometime just after the web application says "yes, this person is who they say they are" and before the web application shoves them at where they want to go.

Hope you can help me. Thanks in advance.

+1  A: 

If you use serverside sessions:

  • Create a servlet filter
  • In the filter: See if an attribute in the session has been set
  • If not: Check if user is authenticated and perform your operation if they are. Then set the attribute in the session

Thus, the operation will be executed only once.

Olaf