There is a SecurityFilter on source forge. Either you can look at how they do it, or maybe use it
http://securityfilter.sourceforge.net/ Niall ----- Original Message ----- From: "Christian Schlaefcke" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 12, 2004 9:59 AM Subject: Struts, Tiles, javax.servlet.Filter: Redirect Problem > Hi Folks, > > This is the situation: > A struts application that uses tiles. A user needs to logon to work with > the app. A logged-on user has a value object "userSessionVO" with some > authenication parameter in the session. A not-logged-on user could be > identified by the missing session attribute. > > To prevent a bad guy catching an url from an logged-on user and call the > corresponding action directly from his browser I want to use a Filter. > That Filter looks in the session for the usersession attribute and if not > found redirects to the login page. > > The problem: > The filtering itself works fine, just when the filter tries to redirect my > application throws an java.net.SocketException: Conection aborted by peer: > socket write error > > Before this exception happens I can see the following Struts debug message: > Canīt insert page 'mypage.jsp': Conection aborted by peer: socket write > error at "InsertTag.java:945". > > This is the code that manages the redirect within the filter doFilter method: > > if(usersessionNotFound) { > HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper > ((HttpServletResponse)response); > wrapper.sendRedirect(wrapper.encodeRedirectURL(myRequest.getContextPath() > + "/myAction.do")); > response = wrapper.getResponse(); > } > > chain.doFilter(request, response); > > What is wrong? Is it my approach in general or just the way I redirect? > Without redirecting everything works fine > > Thanx & Regards, > > Chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]