tomcat-users mailing list archives

From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: Filters don't affect request dispatcher forward
Date Tue, 03 Dec 2002 17:13:12 GMT


On Mon, 2 Dec 2002, Bill Barker wrote:

> Date: Mon, 2 Dec 2002 23:50:08 -0800
> From: Bill Barker <wbarker@wilshire.com>
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: tomcat-user@jakarta.apache.org
> Subject: Re: Filters don't affect request dispatcher forward
>
>
> "Craig R. McClanahan" <craigmcc@apache.org> wrote in message
> news:20021202172355.C63095-100000@icarus.apache.org...
> >
> >
> > On 2 Dec 2002, Alexander Wallace wrote:
> >
> > > Date: 02 Dec 2002 18:41:26 -0600
> > > From: Alexander Wallace <tomcater@rwsoft-online.com>
> > > Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> > > To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> > > Subject: Filters don't affect request dispatcher forward
> > >
> > > Hi there. I wrote a filter to ensure that resources that I want accessed
> > > using https are, and the ones that don't need to aren't.
> > >
> > > I found out that filters are only applied if the request came from the
> > > user, by typing the url or using a link, etc. They are not used if the
> > > resource is called using request dispatcher.
> > >
> > > Supposedly this is because of a lack of specifications in the servlet
> > > api, but that should be fixed in the api used by tomcat 5.
> > >
> > > Is all this correct?
> >
> > Yes, basically.
> >
> > > Is there a work around while tomcat 5 is released?
> >
> > You can use a security constraint with a <transport-guarantee> element to
> > require that certain accesses be performed only on SSL connections.  Then,
> > the container will do the necessary redirect for you.
>
> Urm, on my reading of the 2.3 spec, this would be a bug if Tomcat 4.x
> enforces a <transport-guarantee> on a rd.forward/include.

You're correct ... security constraints (including transport guarantees)
are only applied on the initial request.  I was offering an alternative to
using a filter for this purpose -- let the container do the work for you.

Not to mention that it's not actually possible to switch to SSL in the
middle of an existing HTTP request *without* doing a redirect ...

Craig
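
Added example, not part of the original message or of any Tomcat code: a Servlet 2.4 web.xml (the API version implemented by Tomcat 5) that places the <transport-guarantee> constraint discussed above next to a filter mapping that also covers dispatcher forwards and includes. The /secure/* path and the com.example.HttpsOnlyFilter class are hypothetical names chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: /secure/* and com.example.HttpsOnlyFilter are
     hypothetical names, not taken from the thread. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <filter>
    <filter-name>httpsOnly</filter-name>
    <filter-class>com.example.HttpsOnlyFilter</filter-class>
  </filter>

  <!-- Servlet 2.4 only. With no <dispatcher> elements the filter runs on
       the initial client request alone, which is the only behaviour a 2.3
       container offers. Listing FORWARD and INCLUDE makes the container
       invoke it for RequestDispatcher calls as well. -->
  <filter-mapping>
    <filter-name>httpsOnly</filter-name>
    <url-pattern>/secure/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
  </filter-mapping>

  <!-- Valid in 2.3 and 2.4. The container performs the redirect to SSL
       for plain HTTP requests to /secure/*. It is evaluated on the
       initial request only, so a forward or include that starts from a
       plain HTTP request and targets /secure/* is not covered by it. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPS-only area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

</web-app>
```

A filter reached through FORWARD or INCLUDE still cannot upgrade the connection in place; as noted above, moving to SSL requires a redirect, so such a filter can only refuse the dispatch or redirect before the response is committed.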


