2

I need to know when tomcat accepts a login using realm authentication for a given context. I've been looking at the possible listeners available (ServletContextListener and ServletContextAttributeListener) but can't figure out how to be notified when a login occurs. This should also work when using tomcat single sign on for multiple contexts. Any ideas?

Ricardo Marimon
  • 10,339
  • 9
  • 52
  • 59

2 Answers2

7

Unfortunately there's no standard/abstract way to hook on it using the Servlet API. You need either to write appserver specific logic or to implement a global Filter which checks the HttpServletRequest#getUserPrincipal() everytime. E.g.:

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) {
    HttpServletRequest request = (HttpServletRequest) req;
    Principal user = request.getUserPrincipal();
    HttpSession session = request.getSession(false);

    if (user != null && (session == null || session.getAttribute("user") == null)) {
        request.getSession().setAttribute("user", user);

        // First-time login. You can do your intercepting thing here.
    }

    chain.doFilter(req, res);
}
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
1

If you have access to the server configuration, you might try writing a LifecycleListener (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/LifecycleListener.html), which are configured with the server (see the tomcat server config docs for your version).

Not sure if it will do the trick or not, but a good place to check.

Good luck.

cjstehno
  • 13,468
  • 4
  • 44
  • 56