Our architecture is the following:
The entry point is an Apache 2.0 web server. Our servlet container is Tomcat
5.
 
Our customer is used to having web app authentication using a REALM.
In REALM you can't directly access a login page.

Therefore our customer's IT team always sets up the Apache web server to
redirect any direct access to the login page to a protected resource that
will trigger a call to the login page from Tomcat, so the client can bookmark
the login page URL and won't receive the "Invalid direct access to login page".

In Tomcat 5, sending the client to the login page is done via a server-side
forward.

So the sequence is:
1. client (maybe through a bookmark) tries to access the login page
2. Apache web server "clientsidly" redirects him to a protected resource
3. Tomcat 5 "serversidly" forwards him to the login page.
4. client logs in

By moving to ACEGI we encountered an infinite loop between steps 3 and 1
because instead of having a forward to the login page, ACEGI redirects the
client to the login page and then the Apache web server redirects him to the
protected resource and then ACEGI redirects to the login page...and on and
on and on.

Because we weren't able (politics...) to get the IT team to change the
Apache web server config to allow direct access to the login page, we were
forced to subclass the AuthenticationProcessingFilterEntryPoint to
"serversidly" forward the user to the login page instead of
"sendredirecting" him.

I hope I'm clearer (English is not my first language so I understand I might
be confusing :) )

Pascal Gehl


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Ben Alex
Sent: Saturday, July 23, 2005 05:57
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] Question about
AuthenticationProcessingFilterEntryPoint..

Pascal Gehl wrote:

>In our project we don't have easy access to the Apache config files
>(politics...) and by switching to Acegi we have an infinite loop because
>1. client is accessing a protected resource
>2. Acegi tells him to go to login page
>3. Apache tells him to go to protected resource
>4. go back to 2.
>
>We had to subclass the entry point to do a forward instead of a
>sendRedirect.
>
I don't understand what in Apache is doing step 3. Is this a standard Tomcat
feature? If using Acegi Security, the recommended approach is to not use any
container security at all - just let Acegi Security do the lot for you. It
would be good if you could explain your configuration a little more.

Cheers
Ben


_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
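
The two sequences described in the thread, modelled as an added example (not code from the thread or from Acegi Security). The paths and function names are constructed for illustration; the model follows client-side redirects the way a browser would and shows that a server-side forward at the entry point ends the chain, while a redirect bounces between the web server rule and the entry point.

```python
# Constructed model of the hops described in the thread; paths are assumptions.
LOGIN = "/login.jsp"
PROTECTED = "/secure/index.jsp"

def apache(path):
    """Front web server: a direct hit on the login page is redirected client side."""
    if path == LOGIN:
        return ("redirect", PROTECTED)
    return ("pass", path)

def container(path, entry_point):
    """Servlet container handling an unauthenticated request."""
    if path == PROTECTED:
        if entry_point == "forward":
            # Server-side forward: login page is rendered, browser URL unchanged.
            return ("render", LOGIN)
        # sendRedirect: the browser is told to request the login URL itself.
        return ("redirect", LOGIN)
    return ("render", path)

def follow(start, entry_point, max_hops=10):
    """Follow client-side redirects; return (outcome, list of URLs requested)."""
    url, trail = start, []
    while len(trail) < max_hops:
        if url in trail:
            return ("loop", trail + [url])  # same URL requested twice
        trail.append(url)
        action, target = apache(url)
        if action == "pass":
            action, target = container(target, entry_point)
        if action == "render":
            return ("rendered " + target, trail)
        url = target
    return ("too many hops", trail)

if __name__ == "__main__":
    for mode in ("forward", "redirect"):
        for start in (LOGIN, PROTECTED):
            print(mode, start, follow(start, mode))
```

With the forward, the login form is served under the protected resource's URL, so the web server's rule on the login path is never triggered by the entry point.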

