
Listening for login events in JBoss AS 6

I have an application running in JBoss AS6. Authentication is working using the "FORM" auth method, and the user is logging in correctly.

I would like to be able to call a piece of custom, static code whenever a user successfully logs in.

Unfortunately, I cannot find any listener, or hook, or callback, which will execute code on successful login. The HttpSessionListener does have an event for "sessionCreated", but this is called as soon as a user accesses any page, even if they have not successfully logged in. That means that even viewing the login form triggers the event.

Could anyone point me to some documentation for JBoss AS 6 (or equivalent) which shows how to run custom code at the point when a user first successfully logs in?

Thanks in advance.

You can add a ServletFilter implementation in front of the secured Servlet.

At each invocation, the filter will test a boolean flag notFirstCall in the HttpSession.

If the flag is not present, the request is the first one after the user's login. It can invoke the specified job and then set the flag notFirstCall to mark the job as done for this session.
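A sketch of the filter described in the answer above, as an added example that is not part of the original answer. The class name `FirstLoginFilter` and the `onLogin` hook are hypothetical, and the filter is assumed to be mapped in web.xml to the same URL patterns as the security constraint. It also checks `getUserPrincipal()`, so a request that carries no authenticated user never fires the hook.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical filter: runs onLogin() once per session, on the first authenticated request.
public class FirstLoginFilter implements Filter {
    // Session attribute name taken from the answer above.
    private static final String FLAG = "notFirstCall";

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        Principal user = request.getUserPrincipal();
        // No principal means no completed login (e.g. the login form itself): skip.
        if (user != null) {
            HttpSession session = request.getSession();
            if (session.getAttribute(FLAG) == null) {
                // Set the flag before running the hook so a failing hook is not retried
                // on every request. Two parallel first requests can still both get here,
                // so onLogin() should tolerate being called twice.
                session.setAttribute(FLAG, Boolean.TRUE);
                onLogin(user.getName(), request.getRemoteAddr());
            }
        }
        chain.doFilter(req, res);
    }

    // Hypothetical hook: replace the body with the custom code to run at login.
    static void onLogin(String userName, String remoteAddr) {
        // Strip control characters so a crafted user name cannot forge extra log lines.
        String safeName = userName.replaceAll("\\p{Cntrl}", "_");
        System.out.println("login user=" + safeName + " addr=" + remoteAddr);
    }
}
```

The session ID is deliberately left out of the log line, since anyone who can read the log could otherwise reuse it.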

The workaround I can think of is having a CustomFormAuthenticator which extends org.apache.catalina.authenticator.FormAuthenticator and registering it in /server/default/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml. Now in JBoss AS 7 they introduced the valve concept, where you can register a CustomAuthenticator in jboss-web.xml itself.

Something like:

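import java.io.IOException;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;

public class CustomFormAuthenticator extends FormAuthenticator {
    @Override
    public boolean authenticate(Request request, Response response, LoginConfig config) throws IOException {
        boolean authenticate = super.authenticate(request, response, config);
        // here you might need to keep track whether your custom/static code executed once or not,
        // just to avoid executing the same code again and again.
        if (authenticate) {
            int i = CustomSingleton.getInstance().getExecuteCount();
            if (i <= 0) {
                // invoke custom code.
                // increment the count
                CustomSingleton.getInstance().incrementExecuteCount();
            }
        }
        // hand the result of the standard FORM authentication back to the container
        return authenticate;
    }
}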

Now you need to register this with the server in /server/default/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml. Add the following entry to the authenticators section.

<entry>
    <key>CUSTOM-FORM</key>
    <value>full.qualified.CustomFormAuthenticator</value>
</entry>

Then, in web.xml, have CUSTOM-FORM as the auth-method:

<login-config>
    <auth-method>CUSTOM-FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/login-error.html</form-error-page>
    </form-login-config>
</login-config>

Hope this helps..

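What about something like javax.servlet.http.HttpSessionBindingListener? Create an object, populate it how you like when a user successfully logs in and add it as an attribute to the user's session. So:

import java.io.Serializable;
import java.sql.Timestamp;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import org.jboss.logging.Logger;

public class User implements Serializable, HttpSessionBindingListener {
    // static, so the logger is not serialized with the session attribute
    private static final Logger log = Logger.getLogger(User.class);

    private String userId;
    private Timestamp logonTime;
    // any additional fields

    public void setUserId(String userId) { this.userId = userId; }
    public void setLogonTime(Timestamp logonTime) { this.logonTime = logonTime; }

    @Override
    public void valueBound(HttpSessionBindingEvent event) {
        // this method called when this object is attached to a session
        log.debug("user " + this.userId + " bound to a session - user logged in");
        // do stuff
    }

    @Override
    public void valueUnbound(HttpSessionBindingEvent event) {
        // this method called when user's session ends, value unbound, etc
        log.debug("user " + this.userId + " logged off");
        // do other stuff
    }
}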

To bind the object:

// you don't create this object until a user logs in
// get your request object however you normally get it
User userObject = new User();
userObject.setUserId(request.getRemoteUser());
userObject.setLogonTime(new Timestamp(System.currentTimeMillis()));
request.getSession().setAttribute("loggedInUser", userObject);

When the attribute is set it will call the valueBound method. This can also come in handy for tracking users (save log on/off info to db, etc).

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 