Not being all that familiar with the code in either the Java or IIS filters, I can only really answer #2:
> 2. For both these filters you need to set the cosign filter as a > handler for requests for the location cosign/valid. However you need > to switch cosign protection off for the location cosign/valid. Is that > correct? Yes, that's correct. Requests for this location (the validation handler) occur before the user has a cosign service cookie set in the browser. These requests are intercepted by the cosign filter, which extracts cookie and service URL information from the query string. If there's no query, the filter should return a Forbidden URL error. If the service URL doesn't match the pattern set by ValidReference (& the java filter equivalent), the filter should redirect you to the validation error URL. If both service URL and cookie are validated, the filter should pass you to the service URL. andrew ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
