Assertion assertion = (Assertion) request.getSession().getAttribute("_const_cas_assertion_");Here, I get the assertion object as NULL. I also get the Principal User value as NULL.
I think the problem is that you're not using SSL: <init-param> <param-name>serverName</param-name> <param-value>http://localhost:8180</param-value> </init-param> Consequently your servlet container has likely set the JSESSIONID cookie to secure=true (Tomcat does this by default), which is functionally equivalent to stateless interaction with your application. You absolutely must have sessions working if you have redirect=true in your validation filter. You can temporarily set redirect=false and see if it works to test this hypothesis. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
