File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes How to save the login ID as a session attribute ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to save the login ID as a session attribute ?" Watch "How to save the login ID as a session attribute ?" New topic
Author

How to save the login ID as a session attribute ?

James Adams
Ranch Hand

Joined: Sep 12, 2003
Posts: 188
I am using form-based authentication in a web application which is being deployed on a JBoss 3.2.3 server. I am authenticating against an Oracle database by way of a DatabaseServerLoginModule (JAAS).
I would like to save the user's login ID as a session attribute in order to be able to use it later in the application.
It's not obvious how you can capture this information and add it to the session, since it seems that the login ID is lost once the authentication is done by j_security_check process.
Is there some way to tell the servlet container to save the login ID as a session attribute as part of the j_security_check process (something along the lines of "if the authentication succeeds add the login ID as an attribute to the session") ?
Is there another approach ? What is the accepted "best practice" for doing session initialization after authentication ? For example if a user needs to have several attributes set in their session after login -- how is this handled ? I have done this before with a login servlet which did both the authentication and the session initialization, but when using form-based authentication and j_security_check it's not clear to me how you go from the authentication to the initialization logic.
Thanks in advance for any suggestions or insight.

-James
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

You are refering to the login name the user authenticated against? It is automatically available as request.getRemoteUser()
It is also available as request.getUserPrnciple().getName()
James Adams
Ranch Hand

Joined: Sep 12, 2003
Posts: 188
Thanks, this is exactly what I needed.
-James
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to save the login ID as a session attribute ?