-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thomas,
On 5/14/12 9:44 AM, Thomas Rohde wrote: > A Filter was my first approach. But the filter is invoked after > authentication has taken place. And for authentication a session > is needed. ;-) Right: the form authenticator is in a Valve and Valves run before Filters. > A HttpSessionListener is invoked AFTER a session is created. Hrm. > It seems that every approach has some ugly pitfalls. :( Agreed. Perhaps a different exception type could be used? We are using IllegalStateException but there's no particular reason a different subclass of RuntimeException couldn't be used in this case: something that could then be mapped in web.xml using <error-page>. Since it would technically be a change to the API to throw something other than IllegalStateException, you might get some push-back on a solution like this. Please file a bug in bugzilla and we'll hash it out over there. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+xK40ACgkQ9CaO5/Lv0PAC7QCfRZTH+jxiw97jNt3oAhyCTGsk yqoAn2ztvQuphobb0VyINu89J9h3YBYg =Dozm -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org