tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <>
Subject Re: Tomcat form auth not using filters
Date Mon, 08 Apr 2013 20:58:21 GMT
2013/4/9 Sergio Vieira Rolanski <>:
> Thansk for the reply,
> Let me try to be clear on this matter:
> I try open the address "http://localhost:8084/MyApplication" (or any other protected
address/page) and I'm not logged in (I have never logged in or the session is expired) Tomcat
should show me the login page (controleAcesso/Login.xhtml, that is "access control" in portuguese),
but instead I get an error (the stacktrace is below)
> Now if I try to open "http://localhost:8084/MyApplication/controleAcesso/Login.xhtml"
directly, it works just fine and I can see the login page, do the login and navigate the application.
> I know hibernate and servlet session are different things, what I meant was that each
request is intercepted by HibernateFilter (implements javax.servlet.Filter) so it opens a
session and a transaction for that request. If you look the stacktrace, my HibernateFilter
is not called at all.
> I made a request for lets say "http://localhost:8084/MyApplication/billing/BillingHistory.xhtml"
and I'm not logged in, tomcat should show me the login page, right? But it seems that to get
the appropriate response for the request (the login page instead of the BillingHistory.xhtml)
tomcat/servlet/whatever is taking another path and ignoring my servlet filters thus not opening
the hibernate session and giving me exception instead of the login page.

OK, I am understanding you problem now.

The important part of your stacktrace:

        at org.apache.catalina.core.ApplicationDispatcher.forward(
        at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(
        at org.apache.catalina.authenticator.FormAuthenticator.authenticate(
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(

That is how "forwardToLoginPage" is implemented.

If you want a Filter to be called during
javax.servlet.RequestDispatcher.forward(), it has to be mapped with


for URL "/controleAcesso/Login.xhtml".

See the Servlet specification ch. 6.2.5 for more details on filter mapping.

Best regards,
Konstantin Kolinko

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message