This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Post - login processing Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Post - login processing" Watch "Post - login processing" New topic
Author

Post - login processing

Wes Hughes
Ranch Hand

Joined: Jul 29, 2002
Posts: 31
I'm stuck on the problem of wanting to perform a specific action (setting a session attribute for display in the UI) after a user has logged in (using JAAS/j_security_check). At first I thought I'd apply a filter to j_security_check. Not supported. Then I decided to just apply a filter to all *.do requests. This works fine except for certain login situations, where j_security_check just forwards to the requested page and my filter is never called. So currently, when the user logs in to certain pages, the first page view is missing the session attribute I want to display and it looks buggy.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30124
    
150

Originally posted by Wes Hughes:
Then I decided to just apply a filter to all *.do requests. This works fine except for certain login situations, where j_security_check just forwards to the requested page and my filter is never called.

A filter is definitely the way to go. It sounds like there are some pages that forward directly to JSPs, rather than the Struts action. If that is the case, you need to refactor the design a bit. You can still have the forward to a JSP by adding a level of indirection. Forward to an action path in the Struts config file. It doesn't have to be a full fledged action. Just having it in the struts config file will be enough to go through the ActionServlet. Then your filter will get called.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Wes Hughes
Ranch Hand

Joined: Jul 29, 2002
Posts: 31
Originally posted by Jeanne Boyarsky:

A filter is definitely the way to go. It sounds like there are some pages that forward directly to JSPs, rather than the Struts action. If that is the case, you need to refactor the design a bit. You can still have the forward to a JSP by adding a level of indirection. Forward to an action path in the Struts config file. It doesn't have to be a full fledged action. Just having it in the struts config file will be enough to go through the ActionServlet. Then your filter will get called.


Bad terminology on my part, j_security_check is forwarding to the protected resource, in this case a Struts action. Problem was I was doing my work after chain.doFilter(), so it wasn't showing up in page I expected. Anyways, thanks for the help.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Post - login processing
 
Similar Threads
Filter not mapped
How to implement authentication for each jsp page
session time out cheching using filter
How does jSecurityCheck know which page was requested ?
storing password into session with filters