1 Reply Latest reply on Mar 30, 2004 4:47 AM by ahardy66

Executing code immediately after form-base JAAS-login

ant Mar 29, 2004 3:28 AM

Hi All,

does anybody know how to execute code directly after the webcontainer authenticates an user using form-based JAAS-login? Among other duties I inted to log (i.e. to create a log entry) every login attempt into the database. Because the webcontainer handles the authentication automatically there is no way to get called from the framework.

There where two attempts I've done:
1. Writing a web-filter.
2. Writing a custom LoginModule.

The precondition for the first attempt is that the task handling the request "j_security_check" has also to be a filter. This is not the case. "j_security_check" runs completely isolated.

For the second attempt I wrote:

public class LoggedDatabaseServerLoginModule extends DatabaseServerLoginModule{
 public boolean login() throws LoginException {
 boolean loginResult = super.login();
 if ( loginResult == true) {
 write_into_database("user logged in successfully");
 } else {
 write_into_database("user logged in not successfully");
 }

 return loginResult;
 }
}

Becaus of the caching mechanism of Jboss the login()-method gets called only once when the authentication cache will be filled with user information. For any further login attempt login() will not be called.

So, where can code be placed that should be executed immediately after login?

I am using the Jboss 3.2.1/Jetty bundle.

Thanks,
Gerd

1. Re: Executing code immediately after form-base JAAS-login

ahardy66 Mar 30, 2004 4:47 AM (in response to ant)

You can achieve what you want if you set up a filter to check the session for a flag, and to check for login with getRemoteUser()

When login is true but flag is null, do your 'write_into_database' and then put the flag in the session.
Actions