侦听tomcat领域身份验证事件

不幸的是，没有任何标准/抽象的方法可以使用Servlet
API对其进行挂钩。您需要编写特定于应用服务器的逻辑，或者实现一个全局过滤器来检查

HttpServletRequest#getUserPrincipal()

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) {    HttpServletRequest request = (HttpServletRequest) req;    Principal user = request.getUserPrincipal();    HttpSession session = request.getSession(false);    if (user != null && (session == null || session.getAttribute("user") == null)) {        request.getSession().setAttribute("user", user);        // First-time login. You can do your intercepting thing here.    }    chain.doFilter(req, res);}