Java Mailing List Archive

http://www.junlu.com/

Re: tracking user logins

Pid

2007-01-30

Christopher Schultz wrote:
> Bret,
>
> Bret Davies wrote:
>> I want to be able to track who (by user defined name) logs in and
>> when. Can you help me out or point me in the right direction.
>
> I'm assuming that you are using container-manager security -- that is,
> Tomcat is enforcing the authorization and does its own authentication,
> etc. In that case, you can't capture the "login" event itself without
> going pretty far out of your way.
>
> I wanted to do this a while ago and determined that the best solution
> for my needs was to create a filter.

I hacked up the JDBCRealm and had it write a record recording the event
to a log file table after it had finished doing Auth.

Dead easy to swap the tweaked version into the site.

> My filter is applied to all URIs in my application. It checks to see if
> the user is logged-in ("null != request.getUserPrincipal()"), and if
> there is an attribute in the session called "user". If no such attribute
> occurs, I load the user from the database and set the "last login date"
> (as well as put an entry in my login_history table), and then put the
> user object into the session.
>
> This is pretty much the easiest way to do it if you ask me.
>
> Note that you still can't record failed logins, which you may decide to
> do. In order to do that, I chose to switch security mechanisms and
> instead use securityfilter, which mimics the behavior of the
> container-manager authentication and authorization, but is much more
> configurable and pluggable IMO. Using securityfilter, I am able to
> capture failed logins and record them in my database for retrospective
> security auditing without resorting to container-specific code.
>
> Hope that helps,
> -chris
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@(protected)
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
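
The filter approach described in the quoted message, sketched as an added example that is not code from either poster or from Tomcat. The `LoginRecorder` interface, the `recorderClass` init-param and the class name `LoginAuditFilter` are assumptions; unlike the post, it stores only the user name in the session instead of a user object loaded from the database.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Date;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Records the first authenticated request of each session as a login event. */
public class LoginAuditFilter implements Filter {
    /** Hypothetical persistence hook; back it with your own login_history table. */
    public interface LoginRecorder {
        void recordLogin(String username, String remoteAddr, Date when);
    }

    // Session attribute used as the "already recorded" marker (name from the post).
    static final String MARKER = "user";
    private LoginRecorder recorder;

    public void init(FilterConfig cfg) throws ServletException {
        // Assumption: the recorder implementation is named in a filter init-param.
        try {
            recorder = (LoginRecorder)
                Class.forName(cfg.getInitParameter("recorderClass")).newInstance();
        } catch (Exception e) {
            throw new ServletException("cannot create LoginRecorder", e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        Principal p = http.getUserPrincipal();
        if (p != null) {                      // the container has authenticated the caller
            HttpSession session = http.getSession();
            if (session.getAttribute(MARKER) == null) {
                // First authenticated request in this session: treat it as the login.
                // Parallel first requests can record twice; de-duplicate in the
                // recorder if the audit trail must be exact.
                recorder.recordLogin(p.getName(), http.getRemoteAddr(), new Date());
                session.setAttribute(MARKER, p.getName());
            }
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

Map the filter to `/*` in `web.xml` so every request passes through it. As the quoted message notes, this sees only successful logins, because a failed authentication never produces a principal.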

©2008 junlu.com - Jax Systems, LLC, U.S.A.