DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795 j_security_check isn't fed through filters ------- Additional Comments From [EMAIL PROTECTED] 2003-08-01 11:12 ------- Please see Section SRV6.2.4 in the Sun Servlet spec 2.3, which details the procedure a contain must follow when dealing with requests. In short it says that if an incoming URI matches a filter pattern the user specified filter should be invoked. It appears neither section says that the use of j_security_check should stop a filter being triggered, yet the filter section indicates that the filter should be. Other containers do trigger filters on j_security_check, evidence of this can be found at http://publib7b.boulder.ibm.com/wasinfo1/en/info/aes/ae/tsec_servlet.html (4th paragraph), http://mainframeforum.com/archive/1047/2003/4/545167 (comment from Scott Sobotka), and http://www.caucho.com/quercus/faq/question.xtp? question_id=1239 Snippet: - Identifies the target web resource according to the rules of SRV.11.2. - If there are filters matched by servlet name and the web resource has a servlet-name, the container builds the chain of filters matching in the order declared in the deployment descriptor. The last filter in this chain corresponds to the last servlet-name matching filter and is the filter that invokes the target web resource. - If there are filters using url-pattern matching and the url-pattern matches the request URI according to the rules of SRV.11.2, the container builds the chain of url-pattern matched filters in the same order as declared in the deployment descriptor. The last filter in this chain is the last url-pattern matching filter in the deployment descriptor for this request URI. The last filter in this chain is the filter that invokes the first filter in the servlet-name macthing chain, or invokes the target web resource if there are none. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
