Re: [securityfilter-user] getting parameters from j_security_check form

[Christopher M. <C_M...@ma...>]

Chris, thanks for the quick reply!  As it happens I actually just 
finished method #1 -- in this case I just needed the filter to set a 
session attribute from the extra parameter in the login form, which 
appears to be working.  If it starts to cause problems or get hairy 
later, I'll take a look at FlexibleSecurityRealm too.


On 6/11/2009 10:45 AM, Christopher Schultz wrote:
>> Is it possible to access an extra parameter in the
>> j_security_check form using SecurityFilter?
>>      
> There are several ways:
>
> 1. Write your own filter that runs before or after sf and do whaetever
> you want.
>
> 2. Implement your own Realm that implenents FlexibleSecurityRealm which
> has full access to the request object. You can pull-out any information
> you'd like.
>
> I like #2 because it's much more likely to work properly (!) and you
> probably want to implement your own Realm in this case, anyway.
>
> I do this on my current project in order to log failed logins' source IP
> address (available from the request object).
>
> In order to use FlexibleSecurityRealm, I believe you need to get the
> latest sf code from CVS and compile it yourself (it's no big deal, you
> just have to have Apache ant and a JDK installed).
>
> I hope that helps,
> -chris
>
>    
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> ------------------------------------------------------------------------
>
> _______________________________________________
> securityfilter-user mailing list
> sec...@li...
> https://lists.sourceforge.net/lists/listinfo/securityfilter-user
>