tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 21795] - j_security_check isn't fed through filters
Date Fri, 01 Aug 2003 11:12:20 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795

j_security_check isn't fed through filters





------- Additional Comments From apache@alsutton.com  2003-08-01 11:12 -------
Please see Section SRV6.2.4 in the Sun Servlet spec 2.3, which details the 
procedure a container must follow when dealing with requests. 

In short, it says that if an incoming URI matches a filter pattern the 
user-specified filter should be invoked. It appears neither section says that the 
use of j_security_check should stop a filter being triggered, yet the filter 
section indicates that the filter should be.

Other containers do trigger filters on j_security_check; evidence of this can 
be found at 
http://publib7b.boulder.ibm.com/wasinfo1/en/info/aes/ae/tsec_servlet.html (4th 
paragraph), http://mainframeforum.com/archive/1047/2003/4/545167 (comment 
from Scott Sobotka), and 
http://www.caucho.com/quercus/faq/question.xtp?question_id=1239


Snippet:

- Identifies the target web resource according to the rules of SRV.11.2.

- If there are filters matched by servlet name and the web resource has a 
servlet-name, the container builds the chain of filters matching in the order 
declared in the deployment descriptor. The last filter in this chain 
corresponds to the last servlet-name matching filter and is the filter that 
invokes the target web resource.

- If there are filters using url-pattern matching and the url-pattern matches
the request URI according to the rules of SRV.11.2, the container builds the
chain of url-pattern matched filters in the same order as declared in the 
deployment descriptor. The last filter in this chain is the last url-pattern 
matching filter in the deployment descriptor for this request URI. The last 
filter in this chain is the filter that invokes the first filter in the 
servlet-name matching chain, or invokes the target web resource if there are 
none.
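
The chain-building order quoted in the snippet above, as an added example that is not part of the original message and is not Tomcat's or any container's code. The filter names and mappings are constructed, and the url-pattern matching is a simplified reading of SRV.11.2 (exact, path-prefix and extension patterns only), applied to the context-relative request URI.

```java
import java.util.ArrayList;
import java.util.List;

public class FilterChainOrder {
    // One <filter-mapping> entry: exactly one of urlPattern / servletName is set.
    record Mapping(String filter, String urlPattern, String servletName) {}

    // Simplified url-pattern matching: exact, "/prefix/*" path, "*.ext" extension.
    static boolean matches(String pattern, String uri) {
        if (pattern.equals(uri)) return true;
        if (pattern.endsWith("/*")) {
            String prefix = pattern.substring(0, pattern.length() - 2);
            return uri.equals(prefix) || uri.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {
            String lastSegment = uri.substring(uri.lastIndexOf('/') + 1);
            return lastSegment.endsWith(pattern.substring(1));
        }
        return false;
    }

    // url-pattern filters first, then servlet-name filters, each in declared order.
    static List<String> chain(List<Mapping> declared, String uri, String servletName) {
        List<String> chain = new ArrayList<>();
        for (Mapping m : declared)
            if (m.urlPattern() != null && matches(m.urlPattern(), uri)) chain.add(m.filter());
        for (Mapping m : declared)
            if (m.servletName() != null && m.servletName().equals(servletName)) chain.add(m.filter());
        return chain;
    }

    public static void main(String[] args) {
        // Constructed deployment-descriptor order; all filter names are hypothetical.
        List<Mapping> declared = List.of(
            new Mapping("LoginAuditFilter", "/j_security_check", null),
            new Mapping("EncodingFilter", "/*", null),
            new Mapping("ReportFilter", null, "reports"),
            new Mapping("JspFilter", "*.jsp", null));
        // The login target has no servlet-name of its own, so only url-pattern
        // mappings can select filters for it.
        System.out.println(chain(declared, "/j_security_check", null));
        System.out.println(chain(declared, "/reports/q3", "reports"));
    }
}
```

Under the quoted rules, a filter mapped to `/j_security_check` or `/*` lands in the chain for the form-login request, which is the behaviour the comment argues a container should show.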
