You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "hv @ Fashion Content" <in...@fashioncontent.com> on 2005/12/02 03:24:32 UTC
Problem with filters and form authentication
I have set up the standard form authentication which posts to the url
'/j_security_check' with two forms
Home.htm and AccessDenied.htm.
If I fail log in
1) The sitewide filter is not called upon receiving the j_security_check
POST
2) It does determine the failure and chains to Home.htm
3) It doesn't call the sitewide filter before servicing Home.htm
4) It loads Tapestry ApplicationServlet with servlet path /Home.htm
I have a sitewide filter mapping '/*' so all requests should pass through
it.
Shouldn't they ?
Henrik
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problem with filters and form authentication
Posted by "hv @ Fashion Content" <in...@fashioncontent.com>.
Found the answer
http://publib.boulder.ibm.com/infocenter/wsdoc400/index.jsp?topic=/com.ibm.websphere.iseries.doc/info/ae/ae/cweb_sfilt.html
need to add extra DISPATCHER entries to the filter-mapping to ensure that it
is called in forward; Forward is done as part of security...
Now I just need to figure out why I get a session timeout upon success.
"hv @ Fashion Content" <in...@fashioncontent.com> skrev i en meddelelse
news:dmob8p$kjd$1@sea.gmane.org...
>I have set up the standard form authentication which posts to the url
>'/j_security_check' with two forms
> Home.htm and AccessDenied.htm.
>
> If I fail log in
> 1) The sitewide filter is not called upon receiving the j_security_check
> POST
> 2) It does determine the failure and chains to Home.htm
> 3) It doesn't call the sitewide filter before servicing Home.htm
> 4) It loads Tapestry ApplicationServlet with servlet path /Home.htm
>
> I have a sitewide filter mapping '/*' so all requests should pass through
> it.
>
> Shouldn't they ?
>
> Henrik
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problem with filters and form authentication
Posted by "hv @ Fashion Content" <in...@fashioncontent.com>.
I expected to be able to do something after auth and before loading the page
based on this:
http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//index.jsp?topic=/com.ibm.websphere.exp.doc/info/exp/ae/tsec_servlet.html
"hv @ Fashion Content" <in...@fashioncontent.com> skrev i en meddelelse
news:dmob8p$kjd$1@sea.gmane.org...
>I have set up the standard form authentication which posts to the url
>'/j_security_check' with two forms
> Home.htm and AccessDenied.htm.
>
> If I fail log in
> 1) The sitewide filter is not called upon receiving the j_security_check
> POST
> 2) It does determine the failure and chains to Home.htm
> 3) It doesn't call the sitewide filter before servicing Home.htm
> 4) It loads Tapestry ApplicationServlet with servlet path /Home.htm
>
> I have a sitewide filter mapping '/*' so all requests should pass through
> it.
>
> Shouldn't they ?
>
> Henrik
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org