You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Chen Paz <Ch...@expand.com> on 2011/08/15 15:04:08 UTC

j_security_check and RequestDispatcher forward

Hi,

I am using a servlet to intercept form based authentication in order to insert attribute into the request and then to redirect the request to j_security_check using RequestDispatcher.
But I'm getting  a 404 page with the following error:



type Status report

message /myApp/j_security_check

description The requested resource (/MyApp/j_security_check) is not available.

If I'm going directly to /MyApp/j_security_check using my browser  - j_security_check is found

Here is the code snippet:

String params = "j_username=" + request.getParameter("j_username") + "&j_password=" + request.getParameter("j_password");
String encodedSecurityURL = response.encodeRedirectURL("/j_security_check?" + params);

RequestDispatcher dispatcher ;
dispatcher = getServletContext().getRequestDispatcher(encodedSecurityURL);

dispatcher.forward( request, response);

Does anyone know why the code does not work but the direct call using the browser does work?

Regards,
Chen Paz

RE: j_security_check and RequestDispatcher forward

Posted by Chen Paz <Ch...@expand.com>.

Filter is not possible. AFAIK you can not use filter before j_security_check in Tomcat...

-----Original Message-----
From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com] 
Sent: Monday, August 15, 2011 4:50 PM
To: Tomcat Users List
Subject: RE: j_security_check and RequestDispatcher forward

> From: Chen Paz [mailto:Chen.Paz@expand.com] 
> Subject: j_security_check and RequestDispatcher forward

> I am using a servlet to intercept form based authentication in order 
> to insert attribute into the request and then to redirect the request
> to j_security_check using RequestDispatcher.

I wouldn't expect that to work, due to the special handling requirements of j_security_check, in particular that the container remember the original request of the protected resource and replay it automatically when authentication is successful.

What you might want to try is a filter rather than a servlet, and have the filter modify the j_security_check request when it comes through.  (Not completely sure that's possible, either.)  Another option is to use a ServletRequestListener to manipulate requests as needed.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: j_security_check and RequestDispatcher forward

Posted by Christopher Schultz <ch...@christopherschultz.net>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chuck,

On 8/15/2011 9:49 AM, Caldarale, Charles R wrote:
>> From: Chen Paz [mailto:Chen.Paz@expand.com] Subject:
>> j_security_check and RequestDispatcher forward
> 
>> I am using a servlet to intercept form based authentication in
>> order to insert attribute into the request and then to redirect the
>> request to j_security_check using RequestDispatcher.
> 
> I wouldn't expect that to work, due to the special handling
> requirements of j_security_check, in particular that the container
> remember the original request of the protected resource and replay it
> automatically when authentication is successful.
> 
> What you might want to try is a filter rather than a servlet, and
> have the filter modify the j_security_check request when it comes
> through.  (Not completely sure that's possible, either.)  Another
> option is to use a ServletRequestListener to manipulate requests as
> needed.

This may have changed in 7.0.x, but IIRC you can't intercept a request
to j_security_check using a Filter... you'll have to use a Valve and
make sure it fires before the authentication valve.

Otherwise, the authenticator will have processed the request before your
filter (or valve) gets a chance to do anything with it.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5JRbUACgkQ9CaO5/Lv0PDTpQCdH/QKcJ/Eh1a6siRy4IRmBVmW
jF4An0DS/yoxiY/32En6xv8BhS2tRhlu
=hKm2
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: j_security_check and RequestDispatcher forward

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.

> From: Chen Paz [mailto:Chen.Paz@expand.com] 
> Subject: j_security_check and RequestDispatcher forward

> I am using a servlet to intercept form based authentication in order 
> to insert attribute into the request and then to redirect the request
> to j_security_check using RequestDispatcher.

I wouldn't expect that to work, due to the special handling requirements of j_security_check, in particular that the container remember the original request of the protected resource and replay it automatically when authentication is successful.

What you might want to try is a filter rather than a servlet, and have the filter modify the j_security_check request when it comes through.  (Not completely sure that's possible, either.)  Another option is to use a ServletRequestListener to manipulate requests as needed.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: j_security_check and RequestDispatcher forward

Posted by Chema <de...@gmail.com>.

2011/8/15 Chen Paz <Ch...@expand.com>:
>
> Hi,
>
> I am using a servlet to intercept form based authentication in order to insert attribute into the request


What parameter do you want to insert into the request ?
I don't know, but maybe you can do the same with a custom realm

Or, using by Spring Security

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org