"Joerg Heinicke" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Tim Funk wrote: > > You can't intercept j_security_check with a filter, it violates the spec. > > > > -Tim > > This is at least one answer to my thread started last week: > http://www.mail-archive.com/[EMAIL PROTECTED]/msg104931.html. > What are the consequences/possibilities to set the request character > encoding with servlet standard API mechanisms instead of using the > Tomcat proprietary solution of using a Valve? >
This is a really interesting issue. I would hope that you would send a message to [EMAIL PROTECTED] to hopefully get the expert-team to clarify this before the 2.4 spec goes final. Because the Servlet-2.2 spec lacks the request.setCharacterEncoding method, Tomcat 3.3 jumps through a lot of hoops to try and guess the charset. These were dropped in Tomcat 4+, since the request.setCharacterEncoding method was supposed to solve all of these problems. As you have pointed out, it is not possible to use this in a Filter for the standard Form-auth config (for the simple reason that Auth is called before Filters). Therefore, the j_security_check target is flying blind wrt charset. > Joerg > > > Lawence wrote: > > > >> Dear All, > >> > >> I wrote a filter servlet that does some preprocessing. Basically it > >> intercepts the call of j_secuity_check. The problem is that most of > >> the time it was just bypassed. The only way to trigger it as I found > >> is to first fill the form and got authenticated, then go back and try > >> the authentication again. Anybody knows the solution? > >> Another question is how to sepcify the url pattern of > >> j_security_check. My login page is /secured/login.jsp, I think the > >> url should be /secured/j_security_check, am I right? > >> > >> Thanks in advance. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]