SERVLETS: extending j_security_check - filter or event listener?

Discussion in 'Java' started by Sasha Borodin, Jul 28, 2003.

  1. Hey All,

    I'm looking for advise on how to approach a problem: I would like to use
    Container Managed Authentication for a multitude or reasons; however, I need
    to be able to perform additional "login" tasks upon authentication.

    My first though was to force the "next page" after j_security_check does
    it's thing - this way I could point it to an Action that performs my tasks,
    and only then honor the originally requested URL. However, this seems not
    possible, as the mechanism for forwarding the user to the requested URL is
    not part of the Servlet spec, thus proprietary.

    My second thought was to "help" j_security_check by either wrapping a filter
    around it, or having a session attribute listener catch some distinct
    activity produced by the authentication event. I am curious about the
    feasibility/side effects of both these approaches. Here's my thoughts so
    far:

    Filter:
    - is it possible to map a filter to just j_security_check...I'd found
    something about a problem using a filter with that URI:
    http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795
    - is it good to separate this part of the code into a filter,
    architecturally speaking

    Event listener:
    - the Pricipal object must be bound to the session I would think; what
    would be it's name?
    - is this name standard? I did not find any reference to the specifics
    in the Servlet spec (will it be different with different containers?)
    - would there be a "race" condition (don't know if I'm using the term
    correctly) - is it guaranteed that when the Session Attribute event listener
    is triggered, it'll be done doing it's thing before the request is passed on
    to the requested URL?

    -----

    Or is there a better way to approach "post-authentication" tasks altogether,
    while utilizing Container Managed Authentication? Please don't say
    Sourceforge's Security Filter, because I'm trying to stick to CMA and it's
    benefits (EJB container authentication for one) :)

    TIA,

    -Sasha Borodin
     
    Sasha Borodin, Jul 28, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Slobodan C

    Event listener list implementation

    Slobodan C, Jan 22, 2004, in forum: Java
    Replies:
    2
    Views:
    1,197
    Slobodan C
    Jan 23, 2004
  2. Shrish
    Replies:
    1
    Views:
    440
    Thomas Smith
    Oct 16, 2004
  3. Aj-India

    location of j_security_check

    Aj-India, Apr 10, 2006, in forum: Java
    Replies:
    4
    Views:
    16,802
    Aj-India
    Apr 11, 2006
  4. Narendra Sisodiya

    j_security_check and Ajax call

    Narendra Sisodiya, Aug 4, 2009, in forum: Java
    Replies:
    0
    Views:
    1,574
    Narendra Sisodiya
    Aug 4, 2009
  5. Mike Scirocco
    Replies:
    4
    Views:
    293
    Mike Scirocco
    Apr 5, 2007
Loading...

Share This Page