tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abid Ali Teepo" <>
Subject Redirect vs RequestDispatcher
Date Thu, 10 Jul 2003 15:11:12 GMT

I need some input on pro & con with using redirect instead of requestdispatcher. I heard
someone mention something about firewall issues or other security concerns ....

The reason i'm asking is that i have a problem making my requestdipatcher work, while the
redirection works just fine.

I use a filter that checks for a valid session before giving access to a restricted area.
If there is no valid session i use the requestdispatcher to forward it to the login page.
But when it does that it looks for the login page files in the wrong place. Let me give an

My app area is on "https://localhost/sec/
My secure area is on "https://localhost/sec/secure/

Whenever i request something in the secure area, without a valid session, i want the request
to be forwarded back to my app area. So far it works, but the references to html and jsp within
that index.jsp gets an extra /secure/ added to the when requesting the files. This makes it
look for https://localhost/sec/secure/someloginpage.jsp instead of 
https://localhost/sec/someloginpage.jsp . This is the problem, hence it does not find the

The extra "/secure" is the url-pattern that triggers my filter.

Yes, i know i could use form based authentication, but i have a proprietary loginfunctionality
that can't be done with j_security_check

I will be happy for any comment or suggestion.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message