-none- 2007-08-14 - By Christopher Schultz
Back
-- --BEGIN PGP SIGNED MESSAGE-- --
Hash: SHA1
Eugen,
Eugen Stoianovici wrote:
> Since I can't intercept the login form (which goes to j_security_check)
> where should i put the code for setting those session values?
Ah, but you can intercept it!
You just need to think outside the container. Or, inside, rather. Use a
filter with logic like this:
public void doFilter(...)
{
Principal p = request.getPrincipal();
HttpSession session = request.getSession();
Object mySessionObj = session.getAttribute("my_session_key");
if(null != p && null == mySessionObj)
{
// There is a Principal (valid login) who has not been set up.
// TODO: retrieve whatever objects you need to stick in
// the session.
mySessionObj = ...;
session.setAttribute("my_session_key", mySessionObj);
}
}
I myself use a filter like this, and it works just fine.
I hope that helps,
- -chris
-- --BEGIN PGP SIGNATURE-- --
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGwdLj9CaO5/Lv0PARAtUKAJ49aG9OFCmlLfiwElOIqilRWgxLWACgmAph
QrsIbkd6e1CykySOfx+sfPQ=
=WzPF
-- --END PGP SIGNATURE-- --
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe, e-mail: user-unsubscribe@(protected)
For additional commands, e-mail: user-help@(protected)
|
|
