my dog learned polymorphism*
The moose likes Tomcat and the fly likes filter for j_security_check Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "filter for j_security_check" Watch "filter for j_security_check" New topic
Author

filter for j_security_check

Angel J Gama
Ranch Hand

Joined: Jun 28, 2007
Posts: 36
Hi!
Is there any way to set a filter for j_security_check? I'm using tomcat 6.x

An snippet of what I got so far is:


The thing is, I have a user's table where I store his id, password and an activatedAccount flag. So what I want is that the user can access to his account page only when he has already activated his account (this activation is through an email link).
I though the solution would be using a filter when requesting j_security_check, so I can check if the account beign authenthicated has been already activated by the user, but for some unknown reason to me this filter is never been called.
Any ideas or suggestions?

Btw My realm def is ok, authentication works ok... it's the jsecurity's filter the one that is not being called =(
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41137
    
  45
See this FAQ entry.


Ping & DNS - my free Android networking tools app
Angel J Gama
Ranch Hand

Joined: Jun 28, 2007
Posts: 36
Ok.. So I need to use an org.apache.catalina.authenticator.FormAuthenticator Valve but how does it work? How do I say that before authentication my filter (or class) should be called?
I just added:



I'm sorry, this is new for me and tomcat doc just says I need to add a valve entry =S
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41137
    
  45
I don't know what the FormAuthenticator Valve is (where did you get the idea that that's what you need to use?). That post actually says to write your own Valve.
Angel J Gama
Ranch Hand

Joined: Jun 28, 2007
Posts: 36
I got the idea from the link you send me. It says that a solution would be to use a valve, not write my own.
I checked tomcat's doc for valves http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
It says there are different kind of valves such as org.apache.catalina.valves.AccessLogValve (which I use, and i didn't have to write anything) and there is a Form Authenticator Valve but I don't know how to use it.

Any ideas?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41137
    
  45
Yes, the solution is to use a Valve, but no Valve that does this exists - you need to write it.

The class you found may be the one Tomcat uses to implement form authentication; if it is, you may be able to adapt it -and patch your Tomcat installation- so that it serves your purposes. That's less portable in the face of upgrades that writing and using a Valve, though.
Angel J Gama
Ranch Hand

Joined: Jun 28, 2007
Posts: 36
Ok, sounds "easy" but... what does it means?
Any working implementation besides ideas?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: filter for j_security_check
 
Similar Threads
Can't get my login servlet to be called
Need help in reporting of protected resources in web application
Spring security intercept-url question
filter for j_security_check
Problem with the url-pattern for my filter-mapping