Tomcat Realm身份验证-登录后

Question

I am using Tomcat 8 with a DataSourceRealm and FORM authentication for logging into my webapp. The authentication piece is working correctly but I would like to execute code immediately after a successful login. I cannot seem to find where to put this code since nearly all the authentication is handled by tomcat.

Here is my html:

<form method="POST" action="j_security_check">
    <table>
        <tr>
            <td colspan="2">Login Blah blah blah</td>
        </tr>
        <tr>
            <td>Name:</td>
            <td><input type="text" name="j_username" /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type="password" name="j_password"/ ></td>
        </tr>
        <tr>
            <td colspan="2"><input type="submit" value="Go" /></td>
        </tr>
    </table>
</form>

and web.xml relevant info:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected pages</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/jsp/Login.jsp</form-login-page>
        <form-error-page>/jsp/Login.jsp?action=error</form-error-page>
    </form-login-config>
</login-config>

and my context.xml

<Realm className="org.apache.catalina.realm.DataSourceRealm"
    digest="MD5"
    allRolesMode="authOnly"
    <!-- sensitive info removed -->  />

Some examples of post login code I would like to execute are checking if password is expired, updating last login time, etc, etc...

Answer 1

I don't think it can be done with DataSourceRealm . Which means you'll either have to write your own Realm implementation, or forget about using Tomcat to handle the logins and write your own login code. I would do the latter, but that's a matter of preference.