You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Gregor Schneider <rc...@googlemail.com> on 2006/08/04 20:07:17 UTC

Tomcat 5.0.28 and catching j_security_check

Hi guys,

I'm having some really sever headache here.

This is what I'd like to do:

On front we have an Apache 2.0.49 HHTP-server connected to Tomcat 5.0.28 via
mod_jk. Now we'd like to create a SSO (Singgle-Sign-On) module, which does
some freaky stuff for both Apache HTTP and Tomcat. However, I don't have any
clue how to interact with j_security_check

The "freaky stuff" actually is, that I want to forward the request to our "
index.html". This is necessary, since our designers designed our app with a
lot of embedded frames *sic*, and when the session times out,
j_security_check routes me to the login-page, however, afterwards we don't
get the framed view but the requested url in the window *without* the frames
around it.

My first idea was to create a servlet-filter, but after googeling my brains
out I just saw ppl facing problems with this approach an none having any
answers. Some guys said it's not defined in the Servlet-specs that filter
work on "j_security_check", so Tomcat doesn't support that (however:
Websphere does....)

Anyway, I came up with the idea to write a simple valve which should do the
following:

- within the valve check if ((HttpRequest)request).getDecodedRequestURI());
equals to "/myApp/j_ecurity_check"
- within the valve somehow modify the original url stored in
j_security_check to /myApp/index.html
- from within the valve call j_security_check

or

- within the valve check if ((HttpRequest)request).getDecodedRequestURI());
equals to "/myApp/j_ecurity_check"
- from within the valve call j_security_check
- then from within the valve call /myApp/index.html

However, a valve only offers me invokeNext(), which does not return to my
valve, and I also don't see an option to modified the original url stored in
j_security_check.

Does anyone have a clue how I might solve this problem? It does not
necessarily have to be a valvem any other solution would do.
I also thought about generating a "frameBreakout" in every html-page, but
that's quite some work since it's a few 100 pages...

Next, it's also essential that I sonehow get hold on the entered
user/password from j_security_check for our SSO-implementation.

Any suggestion highly appreciated, for a bit of code I'd sell my
mom-in-law....

TIA

Greg
-- 
what's puzzlin' you, is the nature of my game