You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "hv @ Fashion Content" <in...@fashioncontent.com> on 2005/12/02 03:24:32 UTC

Problem with filters and form authentication

I have set up the standard form authentication which posts to the url 
'/j_security_check' with two forms
Home.htm and AccessDenied.htm.

If I fail log in
1) The sitewide filter is not called upon receiving the j_security_check 
POST
2) It does determine the failure and chains to Home.htm
3) It doesn't call the sitewide filter before servicing Home.htm
4) It loads Tapestry ApplicationServlet with servlet path /Home.htm

I have a sitewide filter mapping '/*' so all requests should pass through 
it.

Shouldn't they ?

Henrik 




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Problem with filters and form authentication

Posted by "hv @ Fashion Content" <in...@fashioncontent.com>.

Found the answer

http://publib.boulder.ibm.com/infocenter/wsdoc400/index.jsp?topic=/com.ibm.websphere.iseries.doc/info/ae/ae/cweb_sfilt.html

need to add extra DISPATCHER entries to the filter-mapping to ensure that it 
is called in forward; Forward is done as part of security...

Now I just need to figure out why I get a session timeout upon success.

"hv @ Fashion Content" <in...@fashioncontent.com> skrev i en meddelelse 
news:dmob8p$kjd$1@sea.gmane.org...
>I have set up the standard form authentication which posts to the url 
>'/j_security_check' with two forms
> Home.htm and AccessDenied.htm.
>
> If I fail log in
> 1) The sitewide filter is not called upon receiving the j_security_check 
> POST
> 2) It does determine the failure and chains to Home.htm
> 3) It doesn't call the sitewide filter before servicing Home.htm
> 4) It loads Tapestry ApplicationServlet with servlet path /Home.htm
>
> I have a sitewide filter mapping '/*' so all requests should pass through 
> it.
>
> Shouldn't they ?
>
> Henrik 




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Problem with filters and form authentication

Posted by "hv @ Fashion Content" <in...@fashioncontent.com>.

I expected to be able to do something after auth and before loading the page 
based on this:

http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//index.jsp?topic=/com.ibm.websphere.exp.doc/info/exp/ae/tsec_servlet.html

"hv @ Fashion Content" <in...@fashioncontent.com> skrev i en meddelelse 
news:dmob8p$kjd$1@sea.gmane.org...
>I have set up the standard form authentication which posts to the url 
>'/j_security_check' with two forms
> Home.htm and AccessDenied.htm.
>
> If I fail log in
> 1) The sitewide filter is not called upon receiving the j_security_check 
> POST
> 2) It does determine the failure and chains to Home.htm
> 3) It doesn't call the sitewide filter before servicing Home.htm
> 4) It loads Tapestry ApplicationServlet with servlet path /Home.htm
>
> I have a sitewide filter mapping '/*' so all requests should pass through 
> it.
>
> Shouldn't they ?
>
> Henrik 




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org