stackoom
  简体   繁体   中英

set session attribute after login

 原文  2016-05-22 09:43:47       java/ login/ wildfly

Question

I need to set ID of a user as a session attribute after login using Java EE form login module.

Right now, after login, I send another HTTP request, which sets the ID as a session attribute, but I need to do it in one step. What is the best way to do it?

login module configuration in standalone.xml: 

<login-module code="com.MyLoginModule" flag="required">
    <module-option name="dsJndiName" value="java:/PostgresDS"/>
    <module-option name="principalsQuery" value="select password from appuser where email=?"/>
    <module-option name="rolesQuery" value="select 'AUTHENTICATED', 'Roles' from appuser where email=?"/>
    <module-option name="hashAlgorithm" value="custom"/>
</login-module>

Additional request after login (RESTEasy): 

@GET
@Path("/web")
@Produces(MediaType.APPLICATION_JSON)
public User getUser(@Context HttpServletRequest hsr) throws MyRuntimeException{
    User u;
    HttpSession session = hsr.getSession();
    u = um.getUserByMail(hsr.getUserPrincipal().getName());
    session.setAttribute("userId", u.getId());
    return u;
}

MyLoginModule: 

public class MyLoginModule extends DatabaseServerLoginModule {
@Override
public String createPasswordHash(String username, String password, String digestOption){code}
}

1 answers

solution1
 0  2016-05-23 15:55:30

I assume you're using JBoss here....

You could for example enhance the

org.apache.catalina.authenticator.FormAuthenticator

(used as standard authenticator in JBoss ) and implement your additional logic there. 

public class MyFormAuthenticator extends FormAuthenticator{

@Override
public boolean  authenticate(Request request,HttpServletResponse response,LoginConfig config){
   boolean success = super.authenticate(request,response,config);
   if(success){
      Session session = request.getSessionInternal(false); // Use the existing session
      session.put .... // the action which you want to do
   }
   return success;
}

Don't forget to adjust the jboss-web.xml (placed in WEB-INF folder): 

<jboss-web>
   <context-root>myContext</context-root>
   <valve>
     <class-name>MyFormAuthenticator</class-name>
   </valve>
</jboss-web>

Maven

Ensure that you use this Maven Dependency (not jboss-as-web): 

<dependency>
  <groupId>org.jboss.web</groupId>
  <artifactId>jbossweb</artifactId>
  <version>7.5.10.Final</version>
</dependency>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Session set attribute not working Losing session after Login Missing CSFR_TOKEN session attribute after login process in Spring Security with Angular JS Set session attribute using javascript How set session attribute during session creation? intercepting session set attribute call Attribute set in portlet session is not available in servlet session redict to login after session expire create new session after login Populate user session after login
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM