I'm not seeing the complete sequence in your filter code, or even a
redirect. Should be something like:
doFilter(){
MyRequestWrapper reqWrapper = new MyRequestWrapper(servletRequest);
MyResponseWrapper respWrapper = new
MyResponseWrapper(servletResponse);
MyUserObj clientUser = MyUserObj.getValidUser( servletRequest ) ;
if ( ( clientUser == null ) || ( clientUser.invalid() ) )
servletResponse.sendRedirect( "myLoginPage.jsp" ) ;
else {
chain.doFilter(reqWrapper, respWrapper);
respWrapper.addCookie(NAME, encrypt(myobj));
}
}
Obviously I'm not familiar with the exact API of your code, but you get
the idea. If the cookie isn't present or invalid, send a redirect to
the login page. Otherwise chain on to the next step in the request process.
--David
Mani Balasubramani wrote:
Chris,
This is the complete sequence
1)User goes to a URL (say www.some-partner-site.com)
2)He selects our app link from there which redirects him to our site
(www.paybytouch.com)
3)Filter is applied on all url's
4)The filter has a wrapper class for both request and response.
5)The doFilter calls a servlet which checks if the user is authenticated
6)If the user is not authenticated, he is redirected to a login page
(say www.paybytouch.com/login)
7)Once the user is authenticated, the servlet returns to the filter
which then creates a cookie and the reponse is sent back to the users's
browser.
What happens is that the login page is never displayed. I have validated
the flow (using debugger) and it seems to be correct.
So I was wondering if a response wrapper needs to do anything special in
order to do a redirect.
My filter code does the following...
doFilter(){
MyRequestWrapper reqWrapper = new MyRequestWrapper(servletRequest);
MyResponseWrapper respWrapper = new
MyResponseWrapper(servletResponse);
//get cookie from request and decrypt it.
chain.doFilter(reqWrapper, respWrapper);
//create a cookie and encrypt it
respWrapper.addCookie(NAME, encrypt(myobj));
}
Any suggestions ?
-Mani
This email and any attachment(s) thereto, are intended for the use of
the addressee(s) named herein and may contain legally privileged and or
confidential information under applicable law. If you are not the
intended recipient of this e-mail, you are hereby notified any
dissemination, distribution or copying of this email, and any attachment(s)
thereto, is strictly prohibited. If you have received this communication
in error, please notify the sender at 415-281-2200 or via return e-mail at
[EMAIL PROTECTED] and permanently delete the original copy and
any copy of any e-mail, and any printout thereof. Thank you for your
cooperation.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
