users@glassfish.java.net

Re: Events when logging in/out - JAAS / j_security_check

From: Dominik Dorn <dominik.dorn_at_gmail.com>
Date: Mon, 19 Apr 2010 21:42:24 +0200

I actually don't want the events for auditing, but for application
based execution of certain code, when the specific event happens. E.g.
LoginEvent: Set the users status to online; Persist transient user
objects to the database etc.
LogoutEvent: Set the users status to offline;
LoginFailedEvent: Log the ip/username of the failed request, prepare
blocking user on x. failed login.
etc.


So it seems I have to take a look into JSR 196. I will probably open source
the solution and allow other frameworks to incorporate it, like seam etc.



On Mon, Apr 19, 2010 at 7:46 PM, Shing Wai Chan
<shing.wai.chan_at_oracle.com> wrote:
> The j_security_check is processed by internal Valve and it is not visible to
> application.
> Also, j_security_check is for form based login only.
> If your events are for auditing purposes, then one can use pluggable audit
> module in GlassFish
>
>  http://docs.sun.com/app/docs/doc/820-7695/beabu?l=en&a=view&q=security+audit+glassfish
> The logout auditing is missing and I have filed an issue 11808 for this,
> https://glassfish.dev.java.net/issues/show_bug.cgi?id=11808
>
> If the event is a more general purpose, then you may like to write a JSR 196
> module.
> Ron is going to more details on this later.
>
> Shing Wai Chan
>
>
> On 4/17/10 12:07 PM, Dominik Dorn wrote:
>>
>> Hi,
>>
>> I wanted to create a small framework with CDI that generates Events
>> when a user logs in/out through the JAAS urls j_security_check and
>> j_security_logout
>> basically by providing a filter for these urls and a
>> HttpServletRequestWrapper which
>> authenticate(), login() and logout(), however, they never seem to get used
>> by
>> the servlet/filter processing.
>>
>> I also tried to find the original servlet responsible for
>> j_security_check and j_security_logout
>> but have failed to find the right one (looked into default-web.xml).
>>
>> Is there any trick I should know for this to work? Or does JAAS
>> already have a Event-Framework
>> and I'm reinventing the wheel here?
>>
>>
>> Thanks,
>> Dominik
>>
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
> 



-- 
Dominik Dorn
http://dominikdorn.com
Tausche Deine Lernunterlagen auf http://www.studyguru.eu !
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.