It is a huge disappointment that the servlet 2.4 specification didn't address programmatic authentication. Dispatching requests to j_security_check is a pain in many use cases.
I really hope that a future version of Tomcat would address this even if this didn't make it into the spec this time.

On Tue, 2004-01-13 at 15:16, Craig R. McClanahan wrote:
> Quoting [EMAIL PROTECTED]:
>
> > Are Servlet filters supposed to be called for both GET and POST
> > methods? They seem to be getting called for GETs only on Tomcat 5.
> > -Chris
>
> For filters mapped to ordinary application URLs, the filter should indeed get
> mapped on both GET and POST methods. For filters you attempt to put on
> "/j_security_check" you are totally outside the bounds of the servlet
> specification, and the only thing you can assume is that the behavior is
> undefined.
>
> Personally, I consider it a bug that Tomcat 5 invokes filters on this, even if
> it's just on a GET.
>
> Craig McClanahan
>
> > > -----Original Message-----
> > > From: Parmar, Dipakkumar [mailto:[EMAIL PROTECTED]
> > > Sent: Tuesday, January 13, 2004 03:57 PM
> > > To: 'Struts Users Mailing List'
> > > Subject: RE: handling form based authentication w/ remember-me cookie
> > >
> > > Hi Max,
> > >
> > > I haven't tested it either. I read about this in "IBM WebSphere V5.0
> > > Security handbook (page 64)".
> > >
> > > Regards,
> > > Dipak Parmar
> > >
> > > -----Original Message-----
> > > From: Max Cooper [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, January 12, 2004 10:42 PM
> > > To: Struts Users Mailing List; [EMAIL PROTECTED]
> > > Subject: Re: handling form based authentication w/ remember-me cookie
> > >
> > > Dipak,
> > >
> > > Are you certain that the filter will be invoked on the /j_security_check
> > > request when container-based security is used? I have not tested this, but
> > > it would not surprise me to find that some containers do not execute filters
> > > on /j_security_check requests. I don't know if the Servlet Spec says
> > > anything about this case.
> > >
> > > Chris,
> > >
> > > Another alternative to the original problem of security with "remember me"
> > > functionality will be available soon. A patch has been submitted to my
> > > SecurityFilter project (http://www.securityfilter.org/) to support "remember
> > > me" functionality. The integration should be complete soon, and a beta
> > > release will be made available once the integration is complete.
> > > SecurityFilter works very much like container-managed security otherwise,
> > > including the configuration format (except that you declare the constraints
> > > in a separate config file rather than web.xml).
> > >
> > > -Max
> > >
> > > ----- Original Message -----
> > > From: "Parmar, Dipakkumar" <[EMAIL PROTECTED]>
> > > To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
> > > Sent: Monday, January 12, 2004 7:43 AM
> > > Subject: RE: handling form based authentication w/ remember-me cookie
> > >
> > > > Hi Chris,
> > > >
> > > > You can do this using a Servlet Filter. What you need to do is write a
> > > > postLoginFilter that maps to the j_security_check url.
> > > >
> > > > In the doFilter method, you can write your post-login code after
> > > > j_security_check has done its work.
> > > >
> > > > Something like:
> > > >
> > > >     public void doFilter(ServletRequest request, ServletResponse response,
> > > >                          FilterChain chain) throws IOException, ServletException {
> > > >         // let j_security_check do its work
> > > >         chain.doFilter(request, response);
> > > >
> > > >         // do your post-login stuff here
> > > >     }
> > > >
> > > > Regards,
> > > > Dipak Parmar
> > > >
> > > > -----Original Message-----
> > > > From: Chris Ruegger [mailto:[EMAIL PROTECTED]
> > > > Sent: Monday, January 12, 2004 9:53 AM
> > > > To: Struts Users Mailing List
> > > > Subject: handling form based authentication w/ remember-me cookie
> > > >
> > > > I am using Struts and building a logon page to do Form-based authentication
> > > > under Tomcat. I want to also have a checkbox for the user to check that says
> > > > "remember me" so that I can send them a cookie. I'm not sure how to
> > > > "intercept" the form values because I have to post to j_security_check. How
> > > > can I get the check-box value, set up the cookie, and send them to
> > > > j_security_check with struts?
> > > >
> > > > Thanks
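
An added example, not code from this thread or from the SecurityFilter project: a filter mapped to ordinary application URLs (the case the thread identifies as defined by the spec) that validates a signed, expiring remember-me cookie. The cookie name, token layout, `hmacKeyBase64` init-param and `rememberedUser` session attribute are assumptions made for illustration, and the filter records the user at application level only; it does not establish a container principal.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.*;
import javax.servlet.http.*;

// Map this to ordinary application URLs (e.g. /*), not to /j_security_check.
public class RememberMeFilter implements Filter {
    static final String COOKIE = "REMEMBER_ME"; // hypothetical cookie name
    private byte[] key;                          // server-side HMAC secret
    public void init(FilterConfig cfg) {
        // Assumption: key passed as a base64 init-param named hmacKeyBase64.
        key = Base64.getDecoder().decode(cfg.getInitParameter("hmacKeyBase64"));
    }
    // Token layout (constructed): user:expiryMillis:base64url(HMAC-SHA256(user:expiryMillis))
    // Returns the user name, or null if the token is malformed, forged or expired.
    static String verify(String token, byte[] key, long now) throws GeneralSecurityException {
        String[] p = token.split(":");
        if (p.length != 3) return null;
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] expected = mac.doFinal((p[0] + ":" + p[1]).getBytes(StandardCharsets.UTF_8));
        try {
            byte[] given = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(expected, given)) return null; // constant-time compare
            return Long.parseLong(p[1]) > now ? p[0] : null;          // reject expired tokens
        } catch (IllegalArgumentException e) { // bad base64 or non-numeric expiry
            return null;
        }
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        Cookie[] cookies = req.getCookies();
        for (Cookie c : cookies == null ? new Cookie[0] : cookies) {
            // Skip if the container already authenticated the user.
            if (req.getRemoteUser() != null || !COOKIE.equals(c.getName())) continue;
            try {
                String user = verify(c.getValue(), key, System.currentTimeMillis());
                if (user != null) req.getSession().setAttribute("rememberedUser", user);
            } catch (GeneralSecurityException e) { throw new ServletException(e); }
        }
        chain.doFilter(rq, rs);
    }
    public void destroy() {}
}
```

The cookie itself should be issued with the `Secure` and `HttpOnly` attributes, and the token carries no password, so a stolen cookie is bounded by its expiry.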

