<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/security/*</url-pattern>
<!-- These are needed by Tomcat 5 since it does a forward to login.jsp -->
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
On Jan 13, 2004, at 12:19 PM, [EMAIL PROTECTED] wrote:
Are Servlet filters supposed to be called for both GET and POST methods? They seem to be getting called for GETs only on Tomcat 5. -Chris
-----Original Message----- From: Parmar, Dipakkumar [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 03:57 PM To: 'Struts Users Mailing List' Subject: RE: handling form based authentication w/ remember-me cookie
Hi Max,
I haven't tested it either. I read it about this in "IBM WebSphere V5.0
Security handbook (page 64)".
Regards, Dipak Parmar
-----Original Message----- From: Max Cooper [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 10:42 PM To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: Re: handling form based authentication w/ remember-me cookie
Dipak,
Are you certain that the filter will be invoked on the /j_security_check
request when container-based security is used? I have not tested this, but
it would not surprise me to find that some containers do not execute filters
on /j_security_check requests. I don't know if the Servlet Spec says
anything about this case.
Chris,
Another alternative to the original problem of security with "remember me"
functionality will be available soon. A patch has been submitted to my
SecurityFilter project (http://www.securityfilter.org/) to support "remember
me" functionality. The integration should be complete soon, and a beta
release will be made available once the integration is complete.
SecurityFilter works very much like container-managed security otherwise,
including the configuration format (except that you declare the constraints
in a separate config file rather than web.xml).
-Max
----- Original Message ----- From: "Parmar, Dipakkumar" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Monday, January 12, 2004 7:43 AM Subject: RE: handling form based authentication w/ remember-me cookie
Hi Chris,authentication
You can do this using Servlet Filter. What you need to do is write postLoginFilter that maps to the j_security_check url.
In doFilter method, you can write your post login code after j_security_check done is work.
Something like: public void doFilter(.....)
// let the j_security_check to do it's work chain.doFilter(request, response)
// do you post login stuff here
Regards, Dipak Parmar
-----Original Message----- From: Chris Ruegger [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 9:53 AM To: Struts Users Mailing List Subject: handling form based authentication w/ remember-me cookie
I am using Struts and building a logon page to do Form-basedunder Tomcat. I want to also have a checkbox for the user to check thatsays"remember me" so that I can send them a cookie. I'm not sure how to
"intercept"
the form values because I have to post to j_security_check. How can I get
the
check-box value, set up the cookie, and send them to j_security_check with
struts?
Thanks
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
