tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: j_security_check and RequestDispatcher forward
Date Mon, 15 Aug 2011 16:13:41 GMT
Hash: SHA1


On 8/15/2011 9:49 AM, Caldarale, Charles R wrote:
>> From: Chen Paz [] Subject:
>> j_security_check and RequestDispatcher forward
>> I am using a servlet to intercept form based authentication in
>> order to insert attribute into the request and then to redirect the
>> request to j_security_check using RequestDispatcher.
> I wouldn't expect that to work, due to the special handling
> requirements of j_security_check, in particular that the container
> remember the original request of the protected resource and replay it
> automatically when authentication is successful.
> What you might want to try is a filter rather than a servlet, and
> have the filter modify the j_security_check request when it comes
> through.  (Not completely sure that's possible, either.)  Another
> option is to use a ServletRequestListener to manipulate requests as
> needed.

This may have changed in 7.0.x, but IIRC you can't intercept a request
to j_security_check using a Filter... you'll have to use a Valve and
make sure it fires before the authentication valve.

Otherwise, the authenticator will have processed the request before your
filter (or valve) gets a chance to do anything with it.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message