j_security_check and RequestDispatcher forward
Hi, I am using a servlet to intercept form based authentication in order to insert attribute into the request and then to redirect the request to j_security_check using RequestDispatcher. But I'm getting a 404 page with the following error: type Status report message /myApp/j_security_check description The requested resource (/MyApp/j_security_check) is not available. If I'm going directly to /MyApp/j_security_check using my browser - j_security_check is found Here is the code snippet: String params = j_username= + request.getParameter(j_username) + j_password= + request.getParameter(j_password); String encodedSecurityURL = response.encodeRedirectURL(/j_security_check? + params); RequestDispatcher dispatcher ; dispatcher = getServletContext().getRequestDispatcher(encodedSecurityURL); dispatcher.forward( request, response); Does anyone know why the code does not work but the direct call using the browser does work? Regards, Chen Paz
RE: j_security_check and RequestDispatcher forward
From: Chen Paz [mailto:chen@expand.com] Subject: j_security_check and RequestDispatcher forward I am using a servlet to intercept form based authentication in order to insert attribute into the request and then to redirect the request to j_security_check using RequestDispatcher. I wouldn't expect that to work, due to the special handling requirements of j_security_check, in particular that the container remember the original request of the protected resource and replay it automatically when authentication is successful. What you might want to try is a filter rather than a servlet, and have the filter modify the j_security_check request when it comes through. (Not completely sure that's possible, either.) Another option is to use a ServletRequestListener to manipulate requests as needed. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: j_security_check and RequestDispatcher forward
Filter is not possible. AFAIK you can not use filter before j_security_check in Tomcat... -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Monday, August 15, 2011 4:50 PM To: Tomcat Users List Subject: RE: j_security_check and RequestDispatcher forward From: Chen Paz [mailto:chen@expand.com] Subject: j_security_check and RequestDispatcher forward I am using a servlet to intercept form based authentication in order to insert attribute into the request and then to redirect the request to j_security_check using RequestDispatcher. I wouldn't expect that to work, due to the special handling requirements of j_security_check, in particular that the container remember the original request of the protected resource and replay it automatically when authentication is successful. What you might want to try is a filter rather than a servlet, and have the filter modify the j_security_check request when it comes through. (Not completely sure that's possible, either.) Another option is to use a ServletRequestListener to manipulate requests as needed. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: j_security_check and RequestDispatcher forward
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 8/15/2011 9:49 AM, Caldarale, Charles R wrote: From: Chen Paz [mailto:chen@expand.com] Subject: j_security_check and RequestDispatcher forward I am using a servlet to intercept form based authentication in order to insert attribute into the request and then to redirect the request to j_security_check using RequestDispatcher. I wouldn't expect that to work, due to the special handling requirements of j_security_check, in particular that the container remember the original request of the protected resource and replay it automatically when authentication is successful. What you might want to try is a filter rather than a servlet, and have the filter modify the j_security_check request when it comes through. (Not completely sure that's possible, either.) Another option is to use a ServletRequestListener to manipulate requests as needed. This may have changed in 7.0.x, but IIRC you can't intercept a request to j_security_check using a Filter... you'll have to use a Valve and make sure it fires before the authentication valve. Otherwise, the authenticator will have processed the request before your filter (or valve) gets a chance to do anything with it. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5JRbUACgkQ9CaO5/Lv0PDTpQCdH/QKcJ/Eh1a6siRy4IRmBVmW jF4An0DS/yoxiY/32En6xv8BhS2tRhlu =hKm2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: j_security_check and RequestDispatcher forward
2011/8/15 Chen Paz chen@expand.com: Hi, I am using a servlet to intercept form based authentication in order to insert attribute into the request What parameter do you want to insert into the request ? I don't know, but maybe you can do the same with a custom realm Or, using by Spring Security - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org