1 Reply Latest reply on Nov 7, 2004 8:43 AM by Mike Finn

    notification of authentication success/failure

    Adam Ramadan Newbie


      In my web application I would like to store the last time the user has logged into the application. I'm using the standard Servlet 2.4 mechanisms (web.xml declarative security with Form based authentication) and JBoss's DatabaseServerLoginModule (JBoss 3.2.5).

      I've been through the specs, searched the web, and looked at a great deal of the JBoss/Tomcat code searching for an efficient way to do this but the only thing I have come up with is testing the request.getRemoteUser() in a Filter that sits in front of all requests to my application, and noting when the return value becomes non-null. It works, but isn't ideal. I haven't been able to find any way to listen for some type of notification that a login attempt has occurred.

      Does anyone have any suggestions?

      The only other thought that occurred to me is that perhaps it would be possible to use AOP to intercept the authentication? I don't know much about AOP, is it time to learn?