tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregor Schneider" <>
Subject How to get hold on org.apache.catalina.Manager?
Date Mon, 07 Aug 2006 17:12:22 GMT
Hi list,

first, I'm talking about Tomcat 5.0.28, but maybe those questions / pronlems
arise for other version, too.

We do have an application here which is making heavy use of frame, and
frames inside those frame and frames inside.... you know what I mean.
Our developes thought it to be a good idea, and now we can deal with the
pronlems arising.

Whn the session times out, Tomcat leads me to the login-screen - so far, so
good. However, after logging in, Tomcat doesn't know that the RequestedURL
stored in Session is in a framed view, meaning, I see the target without the
framed view.

My first approach was creating a Filter, however, I can not write any Filter
filtering j_security_check since the servlet-specs discourage this (although
Websphere supports it, but that's another story...).

So I thought about a valve...

I wrote a valve which inherits from FormAuthenticator, however, when putting
the Valve-definition itnto server.xml, I get a lot of XML-pasring-messages
(the xml iswrite, it tells me that no Context would be defined). If this
valve inherits from ValveBase, everything is fine.

What I want to do is to overwrite the original requested URL which ist
stored in Session (and where jsecurity_check forwards to), however, to need
to get hold on the Session-object, and therefore I need a Manager-Object,
and I don't see a way to do this.

Here's a snippet of the code:

   protected Session getSession(HttpServletRequest aRequest, boolean create)

        HttpSession hses = aRequest.getSession(create);
        if (hses == null)
            return (null);
        Manager manager = aContext.getManager();
        if (manager == null)
            return (null);
        else {
            try {
                return (manager.findSession(hses.getId()));
            } catch (IOException e) {
                return (null);


The variable "aContext" above is a ValveContext, and as you can imagine, I
don't need a ValveContext but org.apache.Catalina.Context... *sic*

No if I inherit my Valve from ValveBase, I don't see any way (I've read the
Catalina-Source 'til my eyes dropped out to no extend...)

Has any of you guys an idea how I can achieve what I want to (namely that
j_security_check does route to my https://myapp/index.html instead of the
saved one within FormAutheticator's Session?

Genereting a FrameBreakout is not an option, since we got tons of pages and
all are *sic* generated...

Hope my mail wasn't to confusing, if so, sorry, but I'm quite confused
myself now....

Greetings from the grounds of distress....

what's puzzlin' you, is the nature of my game

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message