Hi again,

I thought about this a little more and I think what you're experiencing might 
be as a result of the RequestDispatcher.

When the RequestDispatcher "forwards" to a URL resource, it overrides the 
SSL/Authentication constraints you have set up.  There is a way of getting 
around this (which also adds an additional layer of maintenance programming 
security in your code) by using Filters.

Basically, in your web.xml you define a filter for your SSL protected pages:

  <filter>
      <filter-name>MyFilterClass</filter-name>
      <filter-class>my.package.MyFilterClass</filter-class>
  </filter>
  <filter-mapping>
      <filter-name>MyFilterClass</filter-name>
      <url-pattern>/ssl/*</url-pattern>
      <dispatcher>FORWARD</dispatcher>
      <dispatcher>INCLUDE</dispatcher>
      <dispatcher>ERROR</dispatcher>
  </filter-mapping>

Below is a sample implementation of the "doFilter" that takes care of the 
redirecting:

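// Needs java.io.IOException, javax.servlet.* and javax.servlet.http.*
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse rsp = (HttpServletResponse) response;
    // Send the client back to the same URI as a new request instead of
    // continuing the internal dispatch (the chain is not invoked).
    rsp.sendRedirect(req.getRequestURI());
}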

I hope this helps!

Justin
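
A fuller version of the filter approach described above, as an added example that is not part of the original post or of Tomcat itself. It covers the FORWARD case only: a forwarded request that arrived over plain HTTP is redirected to an absolute https URL with its query string kept. The class name and the "httpsHost" and "httpsPort" init-params are assumptions made for this example.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class: map it in web.xml with the FORWARD dispatcher.
public class ForwardToHttpsFilter implements Filter {
    private String httpsHost; // assumed init-param: canonical host name
    private int httpsPort;    // assumed init-param: HTTPS connector port

    public void init(FilterConfig cfg) throws ServletException {
        httpsHost = cfg.getInitParameter("httpsHost");
        if (httpsHost == null || httpsHost.length() == 0) {
            throw new ServletException("init-param httpsHost is required");
        }
        String port = cfg.getInitParameter("httpsPort");
        try {
            httpsPort = (port == null) ? 443 : Integer.parseInt(port);
        } catch (NumberFormatException e) {
            throw new ServletException("init-param httpsPort is not a number");
        }
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse rsp = (HttpServletResponse) response;
        if (req.isSecure()) {
            chain.doFilter(request, response); // already on SSL: continue
            return;
        }
        if (rsp.isCommitted()) {
            // Too late to redirect; fail closed rather than serve over HTTP.
            throw new ServletException("cannot redirect: response committed");
        }
        // Build the target from the configured host, not the Host header.
        StringBuffer target = new StringBuffer("https://").append(httpsHost);
        if (httpsPort != 443) {
            target.append(':').append(httpsPort);
        }
        target.append(req.getRequestURI()); // on FORWARD: the forward target
        if (req.getQueryString() != null) {
            target.append('?').append(req.getQueryString());
        }
        rsp.sendRedirect(target.toString());
    }

    public void destroy() { }
}
```

A redirect makes the browser issue a GET, so the body of a forwarded POST is not carried over to the https request.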

> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Subject: RE: Form Based Authenticattion - j_security_check does not redirect 
> from http to https
> Date: Tue, 9 Dec 2008 03:28:10 -0500
> 
> 
> Hello,
> 
> Have you tried adding "j_security_check" to your web.xml for patterns which 
> should be redirected to SSL?
> 
> Regards,
> 
> Justin
> 
> > Date: Tue, 9 Dec 2008 00:17:36 -0800
> > From: [EMAIL PROTECTED]
> > To: users@tomcat.apache.org
> > Subject: Form Based Authenticattion - j_security_check does not redirect 
> > from http to https
> > 
> > 
> > Hi,
> > 
> > I am using Apache Tomcat Version 5.5.2. I am running it on Windows XP
> > Professional Service Pack 2.
> > 
> > I have a form based authentication for my application:
> > 
> > […]
> > 
> >     <login-config>
> >       <auth-method>FORM</auth-method>
> >       <realm-name>Authentication Area</realm-name>
> >       <form-login-config>
> >             <form-login-page>/login.jsp</form-login-page>
> >             <form-error-page>/login.jsp?action=error</form-error-page>
> >       </form-login-config>
> >     </login-config>
> > 
> > […]
> > 
> > Also, I have redirected all my requests for port-80 to port-443. So,
> > whenever I try to open a page in http, it automatically gets redirected to
> > https. This is working fine for all the pages. 
> > 
> > Except, when I open the http://localhost/<APP_NAME>/j_security_check page it
> > does not get redirected and stays on http. This is the only page showing
> > this deviation in behavior.
> > 
> > For example, the http://localhost/<APP_NAME>/security_check page gets
> > redirected to https, and the same goes for my login page and all other pages
> > in my app.
> > 
> > Is this a known issue or is there a configuration that I am unaware of.
> > 
> > Thanks a lot.
> > 
> > 