Hi guys, I'm having some really sever headache here.
This is what I'd like to do: On front we have an Apache 2.0.49 HHTP-server connected to Tomcat 5.0.28 via mod_jk. Now we'd like to create a SSO (Singgle-Sign-On) module, which does some freaky stuff for both Apache HTTP and Tomcat. However, I don't have any clue how to interact with j_security_check The "freaky stuff" actually is, that I want to forward the request to our " index.html". This is necessary, since our designers designed our app with a lot of embedded frames *sic*, and when the session times out, j_security_check routes me to the login-page, however, afterwards we don't get the framed view but the requested url in the window *without* the frames around it. My first idea was to create a servlet-filter, but after googeling my brains out I just saw ppl facing problems with this approach an none having any answers. Some guys said it's not defined in the Servlet-specs that filter work on "j_security_check", so Tomcat doesn't support that (however: Websphere does....) Anyway, I came up with the idea to write a simple valve which should do the following: - within the valve check if ((HttpRequest)request).getDecodedRequestURI()); equals to "/myApp/j_ecurity_check" - within the valve somehow modify the original url stored in j_security_check to /myApp/index.html - from within the valve call j_security_check or - within the valve check if ((HttpRequest)request).getDecodedRequestURI()); equals to "/myApp/j_ecurity_check" - from within the valve call j_security_check - then from within the valve call /myApp/index.html However, a valve only offers me invokeNext(), which does not return to my valve, and I also don't see an option to modified the original url stored in j_security_check. Does anyone have a clue how I might solve this problem? It does not necessarily have to be a valvem any other solution would do. I also thought about generating a "frameBreakout" in every html-page, but that's quite some work since it's a few 100 pages... Next, it's also essential that I sonehow get hold on the entered user/password from j_security_check for our SSO-implementation. Any suggestion highly appreciated, for a bit of code I'd sell my mom-in-law.... TIA Greg -- what's puzzlin' you, is the nature of my game