Hi, I am using form based authentication for viewing protected resources of my web application. By j_security_check, it authenticates the user and if authentication is successful, then user can view protected resources of the site.
Now I want to generate a report of which protected resources are accessed by which user along with its timestamp.
Now my question is can I generate this report by j_security_check. I am not sure how should I call my ReportingDAO from web tier as with j_security_check the whole authentication is done by container itself.
Originally posted by John Meyers: You can use a filter that is invoked for all requests. Use the isUserInRole method to find the role and you can get the query string as well. Log it and then pass it on to the servlet.
Thanks John for your reply. So if I use a filter, how user is going to be authenticated. Do I have to write database code for authentication or can I use the same FORM authentication of container? How the flow is going to be?
Thanks once again
Joined: Apr 25, 2005
This is what I have done for form based authentication...
Now, if user is not authenticated, login page opens. In login.jsp, I have a form whose action I have set to j_security_check. Form fields are j_user_name and j_password.
I mapped a login filter with the url pattern /j_security_check. So from login.jsp, when user submits the login page, Login filter should be called.
I don't know why my LoginFilter is not called? Filter gets called only when I change url-pattern of LoginFilter to /pdfs/* (i.e., same as the url patter n of the protected resource)
Can anyone please help me in this regard
I am deploying my web application on tomcat. Is it a bug of tomcat?