Servlet filter on j_security_check
I am using form based authentication in my application. I would like to know if it is possible to install a Servlet filter on j_security_check. I have tried to install one, but it never gets invoked. Here is my filter definition in application web.xml: filter filter-nameLoginFilter/filter-name filter-classLoginFilter/filter-class descriptionPerforms pre-login and post-login operation/description /filter filter-mapping filter-nameLoginFilter/filter-name url-pattern/j_security_check/url-pattern /filter-mapping I have some logs in the doFilter function. It seems like doFilter never gets called. However, if I set the url-pattern property to /*, doFilter gets called while rendering pages, but doesn't seem to be invoked from j_security_check. Comments? Suggestions? Martin - Bring words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail.
Re: Servlet filter on j_security_check
You can't install a filter on j_security_check -Tim Martin Dubuc wrote: I am using form based authentication in my application. I would like to know if it is possible to install a Servlet filter on j_security_check. I have tried to install one, but it never gets invoked. Here is my filter definition in application web.xml: filter filter-nameLoginFilter/filter-name filter-classLoginFilter/filter-class descriptionPerforms pre-login and post-login operation/description /filter filter-mapping filter-nameLoginFilter/filter-name url-pattern/j_security_check/url-pattern /filter-mapping I have some logs in the doFilter function. It seems like doFilter never gets called. However, if I set the url-pattern property to /*, doFilter gets called while rendering pages, but doesn't seem to be invoked from j_security_check. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet filter on j_security_check
Yes, it is generically possible... I have the following mapping in one of my apps: filter-mapping filter-nameInitialLoginFilter/filter-name url-pattern/j_security_check/url-pattern /filter-mapping This runs on Websphere though, so maybe there is some limitation with Tomcat. In general though, it appears it is possible. One suggestion: change to a servlet mapping for the filter. IIRC, j_security_check is just a servlet that is set up by the container, so that might work. I kind of doubt it, but for the 30 seconds it'll take to try, worth a shot. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM: fzammetti Yahoo: fzammetti MSN: [EMAIL PROTECTED] On Thu, February 2, 2006 2:51 pm, Martin Dubuc said: I am using form based authentication in my application. I would like to know if it is possible to install a Servlet filter on j_security_check. I have tried to install one, but it never gets invoked. Here is my filter definition in application web.xml: filter filter-nameLoginFilter/filter-name filter-classLoginFilter/filter-class descriptionPerforms pre-login and post-login operation/description /filter filter-mapping filter-nameLoginFilter/filter-name url-pattern/j_security_check/url-pattern /filter-mapping I have some logs in the doFilter function. It seems like doFilter never gets called. However, if I set the url-pattern property to /*, doFilter gets called while rendering pages, but doesn't seem to be invoked from j_security_check. Comments? Suggestions? Martin - Bring words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet filter on j_security_check
Well, there you go Martin :) Tim, is this something peculiar to Tomcat that doesn't allow it? As I mentioned in my previous post, I in fact do this in an app running on Websphere. Or, maybe its a case of Websphere letting me do something it really shouldn't? -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM: fzammetti Yahoo: fzammetti MSN: [EMAIL PROTECTED] On Thu, February 2, 2006 2:53 pm, Tim Funk said: You can't install a filter on j_security_check -Tim Martin Dubuc wrote: I am using form based authentication in my application. I would like to know if it is possible to install a Servlet filter on j_security_check. I have tried to install one, but it never gets invoked. Here is my filter definition in application web.xml: filter filter-nameLoginFilter/filter-name filter-classLoginFilter/filter-class descriptionPerforms pre-login and post-login operation/description /filter filter-mapping filter-nameLoginFilter/filter-name url-pattern/j_security_check/url-pattern /filter-mapping I have some logs in the doFilter function. It seems like doFilter never gets called. However, if I set the url-pattern property to /*, doFilter gets called while rendering pages, but doesn't seem to be invoked from j_security_check. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet filter on j_security_check
If you want to be spec compliant. There is a bugzilla entry with respect to this and confirmation by the expert group that Tomcat's behavior is correct. -Tim Frank W. Zammetti wrote: Well, there you go Martin :) Tim, is this something peculiar to Tomcat that doesn't allow it? As I mentioned in my previous post, I in fact do this in an app running on Websphere. Or, maybe its a case of Websphere letting me do something it really shouldn't? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet filter on j_security_check
Interesting. Thanks for that info! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM: fzammetti Yahoo: fzammetti MSN: [EMAIL PROTECTED] On Thu, February 2, 2006 3:04 pm, Tim Funk said: If you want to be spec compliant. There is a bugzilla entry with respect to this and confirmation by the expert group that Tomcat's behavior is correct. -Tim Frank W. Zammetti wrote: Well, there you go Martin :) Tim, is this something peculiar to Tomcat that doesn't allow it? As I mentioned in my previous post, I in fact do this in an app running on Websphere. Or, maybe its a case of Websphere letting me do something it really shouldn't? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
