You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@geronimo.apache.org by Bill Brown <wb...@colorfulsoftware.com> on 2007/07/18 18:05:21 UTC

filter-mapping for j_security_check

Greetings: 

I have an app with container managed security.  There is a login form that
uses j_username and j_password to post to j_security_check.  I would like to
perform some validation on the j_username and j_password to make sure the
data entered is valid before checking the credentials against the db.  I
tried using a filter with filter-mapping in web.xml, but the filter isn't
getting called.  Below is the filter mapping.  Does anyone know how to do
this in geronimo 2.0?  Is this possible?  

<filter>
	<filter-name>loginValidator</filter-name>
	<filter-class>
		com.abc..LoginValidateFilter
	</filter-class>
</filter>

<filter-mapping>
        <filter-name>loginValidator</filter-name>
	<url-pattern>/j_security_check</url-pattern>
	<dispatcher>REQUEST</dispatcher>
	<dispatcher>FORWARD</dispatcher>
</filter-mapping>

I also tried the mapping without the <dispatcher> elements and it didn't
work either.   Thanks for any more information or clarification.  

Bill. 

-- 
View this message in context: http://www.nabble.com/filter-mapping-for-j_security_check-tf4104213s134.html#a11671705
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.

Re: filter-mapping for j_security_check

Posted by Bill Brown <wb...@colorfulsoftware.com>.

Thanks for your help djenks:  

I got this idea / example from what must be some dated code on the IBM dev
site: 
http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzatz/51/sec/secdform.htm 

I think the additional JAAS login module in front of the Authentication
module could work I'm just not sure how to implement that in geronimo. 
Would I need to add another module configuration to the existing realm, or
would I add an additional realm for the application?   So far, I've been
able to configure/customize one of the packaged Database (SQL) Realms to do
the authentication work for the application but adding another module seems
tricky?     

Thanks for your input though.  
Bill.


djencks wrote:
> 
> The filter approach isn't going to work AFAIK because the security  
> constraints have to be evaluated/applied/etc before any user code  
> such as filters are run.  In fact IIUC there is no j_security_check  
> "servlet", that is handled directly by the web containers security  
> system.
> 
> Is there some reason you can't put your validation logic in an  
> (additional) login module?
> 
> thanks
> david jencks
> 
> On Jul 18, 2007, at 9:05 AM, Bill Brown wrote:
> 
>>
>> Greetings:
>>
>> I have an app with container managed security.  There is a login  
>> form that
>> uses j_username and j_password to post to j_security_check.  I  
>> would like to
>> perform some validation on the j_username and j_password to make  
>> sure the
>> data entered is valid before checking the credentials against the  
>> db.  I
>> tried using a filter with filter-mapping in web.xml, but the filter  
>> isn't
>> getting called.  Below is the filter mapping.  Does anyone know how  
>> to do
>> this in geronimo 2.0?  Is this possible?
>>
>> <filter>
>> 	<filter-name>loginValidator</filter-name>
>> 	<filter-class>
>> 		com.abc..LoginValidateFilter
>> 	</filter-class>
>> </filter>
>>
>> <filter-mapping>
>>         <filter-name>loginValidator</filter-name>
>> 	<url-pattern>/j_security_check</url-pattern>
>> 	<dispatcher>REQUEST</dispatcher>
>> 	<dispatcher>FORWARD</dispatcher>
>> </filter-mapping>
>>
>> I also tried the mapping without the <dispatcher> elements and it  
>> didn't
>> work either.   Thanks for any more information or clarification.
>>
>> Bill.
>>
>> -- 
>> View this message in context: http://www.nabble.com/filter-mapping- 
>> for-j_security_check-tf4104213s134.html#a11671705
>> Sent from the Apache Geronimo - Users mailing list archive at  
>> Nabble.com.
>>
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/validation-for-j_security_check-tf4104213s134.html#a11672763
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.

Re: filter-mapping for j_security_check

Posted by David Jencks <da...@yahoo.com>.

The filter approach isn't going to work AFAIK because the security  
constraints have to be evaluated/applied/etc before any user code  
such as filters are run.  In fact IIUC there is no j_security_check  
"servlet", that is handled directly by the web containers security  
system.

Is there some reason you can't put your validation logic in an  
(additional) login module?

thanks
david jencks

On Jul 18, 2007, at 9:05 AM, Bill Brown wrote:

>
> Greetings:
>
> I have an app with container managed security.  There is a login  
> form that
> uses j_username and j_password to post to j_security_check.  I  
> would like to
> perform some validation on the j_username and j_password to make  
> sure the
> data entered is valid before checking the credentials against the  
> db.  I
> tried using a filter with filter-mapping in web.xml, but the filter  
> isn't
> getting called.  Below is the filter mapping.  Does anyone know how  
> to do
> this in geronimo 2.0?  Is this possible?
>
> <filter>
> 	<filter-name>loginValidator</filter-name>
> 	<filter-class>
> 		com.abc..LoginValidateFilter
> 	</filter-class>
> </filter>
>
> <filter-mapping>
>         <filter-name>loginValidator</filter-name>
> 	<url-pattern>/j_security_check</url-pattern>
> 	<dispatcher>REQUEST</dispatcher>
> 	<dispatcher>FORWARD</dispatcher>
> </filter-mapping>
>
> I also tried the mapping without the <dispatcher> elements and it  
> didn't
> work either.   Thanks for any more information or clarification.
>
> Bill.
>
> -- 
> View this message in context: http://www.nabble.com/filter-mapping- 
> for-j_security_check-tf4104213s134.html#a11671705
> Sent from the Apache Geronimo - Users mailing list archive at  
> Nabble.com.
>