This content has been marked as final.
Show 3 replies
-
1. Re: Disabling User in a JAAS-based J2EE application
starksm64 May 14, 2004 11:39 AM (in response to anbenham)You would need to create a custom tomcat valve to track this info. Here is an example that make the j_username request attribute available to the session as a j_username attribute for use in the login/error pages.
package org.jboss.sample.security; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.catalina.valves.ValveBase; import org.apache.catalina.Request; import org.apache.catalina.Response; import org.apache.catalina.ValveContext; import org.apache.log4j.Logger; /** A valve that simply associates the j_username with the session * under the attribute name j_username for use by login.jsp/error.jsp * * @author Scott.Stark@jboss.org * @version $Revision:$ */ public class FormLoginValve extends ValveBase { static Logger log = Logger.getLogger(FormLoginValve.class); public void invoke(Request request, Response response, ValveContext context) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request.getRequest(); String username = httpRequest.getParameter("j_username"); HttpSession session = httpRequest.getSession(false); log.info("Entry, username: "+username+", session:"+session); if( session != null ) session.setAttribute("j_username", username); context.invokeNext(request, response); username = httpRequest.getParameter("j_username"); session = httpRequest.getSession(false); log.info("Exit, username: "+username+", session:"+session); if( session != null ) { log.info("SessionID: "+session.getId()); Integer tries = (Integer) session.getAttribute("LOGIN_RETRIES"); log.info("LOGIN_RETRIES: "+tries); if( username != null ) session.setAttribute("j_username", username); } } }
It would be added to the jbossweb-tomcat.sar/META-INF/jboss-service.xml Config attribute like:<attribute name="Config"> <Server> <Service name = "JBoss-Tomcat"> <Engine name="MainEngine" defaultHost="localhost"> <Logger className = "org.jboss.web.catalina.Log4jLogger" verbosityLevel = "debug" category = "org.jboss.web.localhost.Engine"/> <Host name="localhost"> <!-- Access logger --> <Valve className = "org.apache.catalina.valves.AccessLogValve" prefix = "localhost_access" suffix = ".log" pattern = "common" directory = "${jboss.server.home.dir}/log" /> <Valve className = "org.jboss.sample.FormLoginValve" /> <!-- Default context parameters --> <DefaultContext cookies = "true" crossContext = "true" override = "true" /> </Host> </Engine> ...
-
2. Re: Disabling User in a JAAS-based J2EE application
tosenthu May 24, 2004 2:28 AM (in response to anbenham)Can u please tell me where to place this class. means in which jar file. can i have it in my own .ear file, but when i do this it shows an error. that class not found.
Thanks in advance -
3. Re: Disabling User in a JAAS-based J2EE application
starksm64 May 24, 2004 9:24 AM (in response to anbenham)It has to be in either the server/xxx/lib directory or in the tomcat service sar directory. I cannot be in the application deployment.