tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: j_security_check and RequestDispatcher forward
Date Mon, 15 Aug 2011 16:13:41 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chuck,

On 8/15/2011 9:49 AM, Caldarale, Charles R wrote:
>> From: Chen Paz [mailto:Chen.Paz@expand.com] Subject:
>> j_security_check and RequestDispatcher forward
> 
>> I am using a servlet to intercept form based authentication in
>> order to insert attribute into the request and then to redirect the
>> request to j_security_check using RequestDispatcher.
> 
> I wouldn't expect that to work, due to the special handling
> requirements of j_security_check, in particular that the container
> remember the original request of the protected resource and replay it
> automatically when authentication is successful.
> 
> What you might want to try is a filter rather than a servlet, and
> have the filter modify the j_security_check request when it comes
> through.  (Not completely sure that's possible, either.)  Another
> option is to use a ServletRequestListener to manipulate requests as
> needed.

This may have changed in 7.0.x, but IIRC you can't intercept a request
to j_security_check using a Filter... you'll have to use a Valve and
make sure it fires before the authentication valve.

Otherwise, the authenticator will have processed the request before your
filter (or valve) gets a chance to do anything with it.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5JRbUACgkQ9CaO5/Lv0PDTpQCdH/QKcJ/Eh1a6siRy4IRmBVmW
jF4An0DS/yoxiY/32En6xv8BhS2tRhlu
=hKm2
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message