I would prefer to use the security constraints to protect
the sensitive area. And in the logout action class, invalidate
the user's session and then forward to /logout.html.

In the logout.html page, you could add a JavaScript
statement at the top of it:

location.replace('/thank_you.html');

Once the thank_you.html is shown, the Back button
is disabled. The user will have no chance to go back.
Make sure the thank_you.html is outside the security
constraints.

Jing
Netspread Carrier
http://www.netspread.com


----- Original Message ----- 
From: "Cezar Nasui" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Friday, August 22, 2003 2:15 PM
Subject: Authentication Filter not working


> Hi all,
>
> I try to use a filter for the authentication so I created a class which
> implements filter with the following doFilter method (I found this in a
> post)
>
> <code>
> public void doFilter(ServletRequest _request, ServletResponse _response,
>   FilterChain _chain)
>   throws IOException, ServletException
>  {
>     String redirectFailure = "/logon.jsp";
>
>     HttpSession session =
>         ((HttpServletRequest)_request).getSession(false);
>     if ((session == null) || (session.getAttribute("loggedIn")== null) )
>     {
>     context.getRequestDispatcher(redirectFailure)
>        .forward(_request,_response);
>      }
>      else {
>      _chain.doFilter(_request, _response);
>      }
> }
> </code>
>
> I added this in the web.xml file:
> <code>
>   <filter>
>     <filter-name>SessionFilter</filter-name>
>     <filter-class>dbmanager.SessionFilter</filter-class>
>   </filter>
>   <filter-mapping>
>     <filter-name>SessionFilter</filter-name>
>     <url-pattern>/DBManager/*</url-pattern>
>   </filter-mapping>
> </code>
>
> and I also:
> - set nocache to true for the Action servlet
> - in logoff I invalidate the session I create in login along with the
> loggedIn variable
>
> The problem: when I log out and then go back to the last page everything
> is working!!!
>
> I overlooked something, any ideas?
>
> Thanks,
> Cezar


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
