听tomcat的领域验证事件 [英] Listen to tomcat realm authentication events

问题描述

我需要知道当Tomcat接受使用领域验证一个给定的情况下登录。我一直在寻找可用的（和的ServletContextListener ServletContextAttributeListener）可能的听众，但无法弄清楚如何在登录时获得通知。对不同情况下使用Tomcat单点登录时，这也应该工作。任何想法？

I need to know when tomcat accepts a login using realm authentication for a given context. I've been looking at the possible listeners available (ServletContextListener and ServletContextAttributeListener) but can't figure out how to be notified when a login occurs. This should also work when using tomcat single sign on for multiple contexts. Any ideas?

推荐答案

不幸的是有没有标准/抽象的方式使用Servlet API的就可以了钩。您需要使用编写应用程序服务器特定的逻辑或者为了实现一个全球性的过滤器，检查 HttpServletRequest的＃getUserPrincipal（）每次。例如：

Unfortunately there's no standard/abstract way to hook on it using the Servlet API. You need either to write appserver specific logic or to implement a global Filter which checks the HttpServletRequest#getUserPrincipal() everytime. E.g.:

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) {
    HttpServletRequest request = (HttpServletRequest) req;
    Principal user = request.getUserPrincipal();
    HttpSession session = request.getSession(false);

    if (user != null && (session == null || session.getAttribute("user") == null)) {
        request.getSession().setAttribute("user", user);

        // First-time login. You can do your intercepting thing here.
    }

    chain.doFilter(req, res);
}

这篇关于听tomcat的领域验证事件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！