You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Chen Paz <Ch...@expand.com> on 2011/08/15 15:04:08 UTC
j_security_check and RequestDispatcher forward
Hi,
I am using a servlet to intercept form based authentication in order to insert attribute into the request and then to redirect the request to j_security_check using RequestDispatcher.
But I'm getting a 404 page with the following error:
type Status report
message /myApp/j_security_check
description The requested resource (/MyApp/j_security_check) is not available.
If I'm going directly to /MyApp/j_security_check using my browser - j_security_check is found
Here is the code snippet:
String params = "j_username=" + request.getParameter("j_username") + "&j_password=" + request.getParameter("j_password");
String encodedSecurityURL = response.encodeRedirectURL("/j_security_check?" + params);
RequestDispatcher dispatcher ;
dispatcher = getServletContext().getRequestDispatcher(encodedSecurityURL);
dispatcher.forward( request, response);
Does anyone know why the code does not work but the direct call using the browser does work?
Regards,
Chen Paz
RE: j_security_check and RequestDispatcher forward
Posted by Chen Paz <Ch...@expand.com>.
Filter is not possible. AFAIK you can not use filter before j_security_check in Tomcat...
-----Original Message-----
From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
Sent: Monday, August 15, 2011 4:50 PM
To: Tomcat Users List
Subject: RE: j_security_check and RequestDispatcher forward
> From: Chen Paz [mailto:Chen.Paz@expand.com]
> Subject: j_security_check and RequestDispatcher forward
> I am using a servlet to intercept form based authentication in order
> to insert attribute into the request and then to redirect the request
> to j_security_check using RequestDispatcher.
I wouldn't expect that to work, due to the special handling requirements of j_security_check, in particular that the container remember the original request of the protected resource and replay it automatically when authentication is successful.
What you might want to try is a filter rather than a servlet, and have the filter modify the j_security_check request when it comes through. (Not completely sure that's possible, either.) Another option is to use a ServletRequestListener to manipulate requests as needed.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: j_security_check and RequestDispatcher forward
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chuck,
On 8/15/2011 9:49 AM, Caldarale, Charles R wrote:
>> From: Chen Paz [mailto:Chen.Paz@expand.com] Subject:
>> j_security_check and RequestDispatcher forward
>
>> I am using a servlet to intercept form based authentication in
>> order to insert attribute into the request and then to redirect the
>> request to j_security_check using RequestDispatcher.
>
> I wouldn't expect that to work, due to the special handling
> requirements of j_security_check, in particular that the container
> remember the original request of the protected resource and replay it
> automatically when authentication is successful.
>
> What you might want to try is a filter rather than a servlet, and
> have the filter modify the j_security_check request when it comes
> through. (Not completely sure that's possible, either.) Another
> option is to use a ServletRequestListener to manipulate requests as
> needed.
This may have changed in 7.0.x, but IIRC you can't intercept a request
to j_security_check using a Filter... you'll have to use a Valve and
make sure it fires before the authentication valve.
Otherwise, the authenticator will have processed the request before your
filter (or valve) gets a chance to do anything with it.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk5JRbUACgkQ9CaO5/Lv0PDTpQCdH/QKcJ/Eh1a6siRy4IRmBVmW
jF4An0DS/yoxiY/32En6xv8BhS2tRhlu
=hKm2
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: j_security_check and RequestDispatcher forward
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Chen Paz [mailto:Chen.Paz@expand.com]
> Subject: j_security_check and RequestDispatcher forward
> I am using a servlet to intercept form based authentication in order
> to insert attribute into the request and then to redirect the request
> to j_security_check using RequestDispatcher.
I wouldn't expect that to work, due to the special handling requirements of j_security_check, in particular that the container remember the original request of the protected resource and replay it automatically when authentication is successful.
What you might want to try is a filter rather than a servlet, and have the filter modify the j_security_check request when it comes through. (Not completely sure that's possible, either.) Another option is to use a ServletRequestListener to manipulate requests as needed.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: j_security_check and RequestDispatcher forward
Posted by Chema <de...@gmail.com>.
2011/8/15 Chen Paz <Ch...@expand.com>:
>
> Hi,
>
> I am using a servlet to intercept form based authentication in order to insert attribute into the request
What parameter do you want to insert into the request ?
I don't know, but maybe you can do the same with a custom realm
Or, using by Spring Security
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org