On 18 Oct 2001, Dr. Evil wrote:
Date: 18 Oct 2001 09:04:05 -
From: Dr. Evil [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Using a servlet for authorization
I am trying to use a servlet for authorization like this:
There is a servlet called authservlet which checks to see if there is
a valid user object in the session state. Here is how it is used:
I have a directory called /secure with a bunch of .jsp files in it.
There is a mapping in web.xml:
    <servlet-mapping>
        <servlet-name>authservlet</servlet-name>
        <url-pattern>/secure/*</url-pattern>
    </servlet-mapping>
Every time someone tries to request a page like /secure/hello.jsp, the
request is instead handed to authservlet. That part is working fine.
authservlet gets the request and can decide what to do with it.
The problem is that I am trying to get authservlet to pass the request
back to the jsp by doing something like this:
    RequestDispatcher rd =
        request.getRequestDispatcher("/secure/hello.jsp");
    rd.forward(request, response);
where in this case I have hard-coded in hello.jsp as the target, just
for testing (obviously I will replace this with something which looks
at what the real url is).
The problem is, when I then try to load /secure/hello.jsp, it looks
like the server goes into an infinite loop. It never returns the page
and I end up with a bunch of catalina processes running, which I have
to kill -9 to get rid of.
It's not the server that went into a loop -- it's your application.
The request dispatcher mechanism uses the same servlet mappings that are
used on the original request. Therefore, the request dispatcher for
/secure/hello.jsp will select your authentication servlet again, which
will get another request dispatcher, which will ...
The solution to this problem, at least in a Servlet 2.3 environment (like
Tomcat 4), is to use a Filter for performing this kind of authentication.
There was a thread on this over the last couple of days on TOMCAT-USER --
check the archives for some good ideas.
I'm sure I'm making some simple mistake here. Any suggestions?
Thanks
Craig