2 Replies Latest reply on Dec 21, 2005 3:35 PM by neelixx

    Where to create a new user object in web session?

    neelixx

      Hey all!

      I finally got the hang of the JAAS Login Modules, and can create my own login modules against Active Directory.

      Now, I'm struggling with where to create the "current user" object in the session?

      I'm using EJB3 beans, and I have a User Entity Bean that I want to create when the user logs in, and either store in the HTTP Session, or keep it in a Stateful Session Bean.

      Unfortunately, I'm not sure "where" to create this object? The JAAS modules do not have anything to do with the web sessions, and the authentication method hands off to Tomcat via j_security_check. So, I can't build the object that way.

      I can probably do it in a filter, but I only want the creation to be AFTER just the authentication, not on every request, as I have pages that do not need authentication.

      What's the general practice for creating a "currentUser" object to place in the session, while still maintaining container-managed security?

      Thanks everyone!
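The filter approach raised in the question, sketched as an added example that is not part of the original post: the filter is cheap on every request but builds the user object only once per authenticated session, and it rebuilds the object if the cached one belongs to a different principal. The `javax.servlet` namespace, the `CurrentUser` class, the `loadUser` helper and the `currentUser` session key are assumptions for illustration.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added example. Map it to /* in web.xml; anonymous requests pass straight
// through, so pages that need no authentication are unaffected.
public class CurrentUserFilter implements Filter {

    static final String ATTR = "currentUser"; // hypothetical session key

    // Hypothetical stand-in for the User entity mentioned in the post.
    public static class CurrentUser implements Serializable {
        private final String login;
        public CurrentUser(String login) { this.login = login; }
        public String getLogin() { return login; }
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        // Identity comes only from the container (JAAS + j_security_check),
        // never from a request parameter or cookie the client controls.
        Principal p = req.getUserPrincipal();
        if (p != null) {
            HttpSession session = req.getSession();
            CurrentUser cached = (CurrentUser) session.getAttribute(ATTR);
            // Create once after login; replace a cached object that does not
            // match the authenticated principal instead of trusting it.
            if (cached == null || !cached.getLogin().equals(p.getName())) {
                session.setAttribute(ATTR, loadUser(p.getName()));
            }
        }
        chain.doFilter(rq, rs);
    }

    // Hypothetical lookup; a real one would call the EJB3 bean that loads
    // the User entity for this login name.
    CurrentUser loadUser(String login) {
        return new CurrentUser(login);
    }
}
```

Authorization decisions should still go through the container (`isUserInRole`, security constraints); the session object is a convenience cache of profile data, not a second source of identity.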