geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: filter-mapping for j_security_check
Date Wed, 18 Jul 2007 16:31:02 GMT
The filter approach isn't going to work AFAIK because the security  
constraints have to be evaluated/applied/etc before any user code  
such as filters are run.  In fact IIUC there is no j_security_check  
"servlet", that is handled directly by the web containers security  
system.

Is there some reason you can't put your validation logic in an  
(additional) login module?

thanks
david jencks

On Jul 18, 2007, at 9:05 AM, Bill Brown wrote:

>
> Greetings:
>
> I have an app with container managed security.  There is a login  
> form that
> uses j_username and j_password to post to j_security_check.  I  
> would like to
> perform some validation on the j_username and j_password to make  
> sure the
> data entered is valid before checking the credentials against the  
> db.  I
> tried using a filter with filter-mapping in web.xml, but the filter  
> isn't
> getting called.  Below is the filter mapping.  Does anyone know how  
> to do
> this in geronimo 2.0?  Is this possible?
>
> <filter>
> 	<filter-name>loginValidator</filter-name>
> 	<filter-class>
> 		com.abc..LoginValidateFilter
> 	</filter-class>
> </filter>
>
> <filter-mapping>
>         <filter-name>loginValidator</filter-name>
> 	<url-pattern>/j_security_check</url-pattern>
> 	<dispatcher>REQUEST</dispatcher>
> 	<dispatcher>FORWARD</dispatcher>
> </filter-mapping>
>
> I also tried the mapping without the <dispatcher> elements and it  
> didn't
> work either.   Thanks for any more information or clarification.
>
> Bill.
>
> -- 
> View this message in context: http://www.nabble.com/filter-mapping- 
> for-j_security_check-tf4104213s134.html#a11671705
> Sent from the Apache Geronimo - Users mailing list archive at  
> Nabble.com.
>


Mime
View raw message