:) Thanks for your reply. It's a little more complicated than that :) Our client has very complex requirements. I already created an "ExtendedAuthenticationProcessingFilter" to handle some of these requirements :) But the problem with POST is quite tricky. I discovered its cause, which is as following: The problem occurs when I try to access the page containing the form while not being logged-in. This causes the ExceptionTranslationFilter to save the request on the session, under the ACEGI_SAVED_REQUEST_KEY. This SavedRequest has (of course) the method GET. Then the login form is presented, and after login the SavedRequestAwareWrapper does the following:
SavedRequest saved = (SavedRequest) session.getAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY); if ((saved != null) && saved.doesRequestMatch(request, portResolver)) { savedRequest = saved; session.removeAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY); ...... } This code looks perfectly ok, because the SavedRequest is removed from the session. But the problem is that after this filter, on the next request or somewhere, I can't determine where and why, the SavedRequest re-appears on the session!! I actually tried to debug through the Apache Tomcat code (I use Tomcat 6), and still could not determine why the SavedRequest re-appears. For now I have found the simple workaround of using some URL for the initial GET that displays the form, and a different URL for the action="..." method="POST". Sorin On Mon, 2008-04-21 at 15:07 +0200, olivier nouguier wrote: > yap, > I use to observe the same (odd) behaviour with standard j2ee form > login configuration ... but with acegi you can > "alwaysUseDefaultTargetUrl" to avoid this (setting default target to > "/init.action" or a like). > hih > > > > On Mon, Apr 21, 2008 at 12:36 PM, Sorin Postelnicu > <[EMAIL PROTECTED]> wrote: > Hi guys, > > Can anyone confirm to me that if I have a secured page and > this page contains a form with method="post" (and action=the > same page), then the POST will not work? > The behaviour that I noticed is that the POST is converted to > a GET when going through the filter chain. Is this true? > And is there any way to solve this? > If anyone else encountered this problem, thank you for any > solution or suggestion you can give me. > > Sorin Postelnicu > > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by the 2008 JavaOne(SM) > Conference > Don't miss this year's exciting event. There's still time to > save $100. > Use priority code J8TL2D2. > > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone > _______________________________________________ > Home: http://acegisecurity.org > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > > > > -- > "Quand le dernier arbre sera abattu, la dernière rivière asséchée, le > dernier poisson péché, l'homme va s'apercevoir que l'argent n'est pas > comestible" > - proverbe indien Cri > ------------------------------------------------------------------------- > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save $100. > Use priority code J8TL2D2. > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone > _______________________________________________ Home: > http://acegisecurity.org Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer