This week's book giveaway is in the JavaScript forum.
We're giving away four copies of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js and have Paul Jensen on-line!
See this thread for details.
Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

j_security_check  RSS feed

 
Mariusz Bogucki
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there any way I can get a hold of the parameters going to the j_security_check?(Tomcat) because filters dont work on j_security_check?
I've found a dozen of questions about that topic on the web but no answers?
Anybody?

I just need to load some more informations to the bean from the DB about the user when he is logging in but form autentication simply sends the user to the requested resource if the username and the password are correct, and there is no room to do the above.
I am using tomcat, I know that some other servers ofer certain ways to do that but tomcat not even filters work, and they seem to be the best way to do that
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are security implications that are designed to prevent what you are trying to do. I'm not saying it is impossible, just that in general you want to prevent people being able to intercept usernames and passwords.

One way, not necessarily the best, is to have a filter which watches all servlet access, waits till the getRemoteUser() is no longer null and then assigns the value. It can be a little verbose but it is a safe intermediate step.

Dave
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!