This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Tomcat and the fly likes filter for j_security_check Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "filter for j_security_check" Watch "filter for j_security_check" New topic
Author

filter for j_security_check

Angel J Gama
Ranch Hand

Joined: Jun 28, 2007
Posts: 36
Hi!
Is there any way to set a filter for j_security_check? I'm using tomcat 6.x

An snippet of what I got so far is:


The thing is, I have a user's table where I store his id, password and an activatedAccount flag. So what I want is that the user can access to his account page only when he has already activated his account (this activation is through an email link).
I though the solution would be using a filter when requesting j_security_check, so I can check if the account beign authenthicated has been already activated by the user, but for some unknown reason to me this filter is never been called.
Any ideas or suggestions?

Btw My realm def is ok, authentication works ok... it's the jsecurity's filter the one that is not being called =(
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41579
    
  54
See this FAQ entry.


Ping & DNS - my free Android networking tools app
Angel J Gama
Ranch Hand

Joined: Jun 28, 2007
Posts: 36
Ok.. So I need to use an org.apache.catalina.authenticator.FormAuthenticator Valve but how does it work? How do I say that before authentication my filter (or class) should be called?
I just added:



I'm sorry, this is new for me and tomcat doc just says I need to add a valve entry =S
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41579
    
  54
I don't know what the FormAuthenticator Valve is (where did you get the idea that that's what you need to use?). That post actually says to write your own Valve.
Angel J Gama
Ranch Hand

Joined: Jun 28, 2007
Posts: 36
I got the idea from the link you send me. It says that a solution would be to use a valve, not write my own.
I checked tomcat's doc for valves http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
It says there are different kind of valves such as org.apache.catalina.valves.AccessLogValve (which I use, and i didn't have to write anything) and there is a Form Authenticator Valve but I don't know how to use it.

Any ideas?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41579
    
  54
Yes, the solution is to use a Valve, but no Valve that does this exists - you need to write it.

The class you found may be the one Tomcat uses to implement form authentication; if it is, you may be able to adapt it -and patch your Tomcat installation- so that it serves your purposes. That's less portable in the face of upgrades that writing and using a Valve, though.
Angel J Gama
Ranch Hand

Joined: Jun 28, 2007
Posts: 36
Ok, sounds "easy" but... what does it means?
Any working implementation besides ideas?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: filter for j_security_check