The j_security_check is processed by internal Valve and it is not
visible to application.
Also, j_security_check is for form based login only.
If your events are for auditing purposes, then one can use pluggable
audit module in GlassFish
http://docs.sun.com/app/docs/doc/820-7695/beabu?l=en&a=view&q=security+audit+glassfish
The logout auditing is missing and I have filed an issue 11808 for this,
https://glassfish.dev.java.net/issues/show_bug.cgi?id=11808
If the event is a more general purpose, then you may like to write a JSR
196 module.
Ron is going to more details on this later.
Shing Wai Chan
On 4/17/10 12:07 PM, Dominik Dorn wrote:
> Hi,
>
> I wanted to create a small framework with CDI that generates Events
> when a user logs in/out through the JAAS urls j_security_check and
> j_security_logout
> basically by providing a filter for these urls and a
> HttpServletRequestWrapper which
> authenticate(), login() and logout(), however, they never seem to get used by
> the servlet/filter processing.
>
> I also tried to find the original servlet responsible for
> j_security_check and j_security_logout
> but have failed to find the right one (looked into default-web.xml).
>
> Is there any trick I should know for this to work? Or does JAAS
> already have a Event-Framework
> and I'm reinventing the wheel here?
>
>
> Thanks,
> Dominik
>
>
>
>