2 Replies Latest reply on Dec 21, 2005 3:35 PM by Aaron

    Where to create a new user object in web session?

    Aaron Novice

      Hey all!

      I finally got the hang of the JAAS Login Modules, and can create my own login modules against Active Directory.

      Now, I'm struggling with where to create the "current user" object in the session?

      I'm using EJB3 beans, and I have a User Entity Bean that I want to create when the user logs in, and either store in the HTTP Session, or keep it in a Stateful Session Bean.

      Unfortunately, I'm not sure "where" to create this object? The JAAS modules do not have anything to do with the web sessions, and the authentication method hands off to Tomcat via j_security_check. So, I can't build the object that way.

      I can probably do it in a filter, but I only want the creation to be AFTER just the authentication, not on every request, as I have pages that do not need authentication.

      What's the general practice for creating a "currentUser" object to place in the session, while still maintaining container-managed security?

      Thanks everyone!