Listening for login events in JBoss AS 6

Question

I have an application running in JBoss AS6. Authentication is working using the "FORM" auth method, and the user is logging in correctly.

I would like to be able to call a piece of custom, static code whenever a user successfully logs in.

Unfortunately, I cannot find any listener, or hook, or callback, which will execute code on successful login. The HttpSessionListener does have an event for "sessionCreated", but this is called as soon as a user accesses any page, even if they have not successfully logged in. That means that even viewing the login form triggers the event.

Could anyone point me to some documentation for JBoss AS 6 (or equivalent) which shows how to run custom code at the point when a user first successfully logs in?

Thanks in advance.

Answer 1

You can add a ServletFilter implementation in front of secured Servlet.

At each invocation, the filter will test a boolean flag notFirstCall in HttpSession.

If the flag is not present, the request is the first one after user's login. It can invoke the specified job and then set the flag notFirstCall to mark the job as done for this session.

Answer 2

The workaround I can think off is having a CustomFormAuthenticator which extends org.apache.catalina.authenticator.FormAuthenticator and register it in /server/default/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml. Now in Jboss AS 7 they introduced valve concept where you can register CustomAuthenticator in jboss-web.xml iteself.

Something like..

public class CustomFormAuthenticator extends FormAuthenticator {
    @override
    public boolean authenticate(Request request, Response response, LoginConfig config) throws IOException {
        boolean authenticate = super.authenticate(request, response, config);
        //here you might need to keep track whether your custom/static code executed once or not,
        //just to avoid executing the same code again and again.
        if(authenticate) {
            int i = CustomSingleton.getInstnce().getExecuteCount();
            if(i <= 0) {
                //invoke custom code.
                //increment the count
                CustomSingleton.getInstnce().incrementExecuteCount();
            }
        }
    }
}

Now, need to register this with server in /server/default/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml Add following entry to authenticators section.

<entry>
    <key>CUSTOM-FORM</key>
    <value>full.qaulified.CustomFormAuthenticator</value>
</entry>

Then, in web.xml have CUSTOM-FORM as auth-method

<login-config>
     <auth-method>CUSTOM-FORM</auth-method>
          <form-login-config>
               <form-login-page>/login.html</form-login-page>
               <form-error-page>/login-error.html</form-error-page>
          </form-login-config>
<login-config>

Hope this helps..