On 18 Oct 2001, Dr. Evil wrote:
> Date: 18 Oct 2001 09:04:05 -0000
> From: Dr. Evil <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Using a servlet for authorization
>
>
> I am trying to use a servlet for authorization like this:
>
> There is a servlet called authservlet which checks to see if there is
> a valid user object in the session state. Here is how it is used:
>
> I have a directory called /secure with a bunch of .jsp files in it.
>
> There is a mapping in web.xml:
>
> <servlet-mapping>
> <servlet-name>
> authservlet
> </servlet-name>
> <url-pattern>
> /secure/*
> </url-pattern>
> </servlet-mapping>
>
> Every time someone tries to request a page like /secure/hello.jsp, the
> request is instead handed to authservlet. That part is working fine.
> authservlet gets the request and can decide what to do with it.
>
> The problem is that I am trying to get authservlet to pass the request
> back to the jsp by doing something like this:
>
> RequestDispatcher rd =
> request.getRequestDispatcher("/secure/hello.jsp");
> rd.forward(request, response);
>
> where in this case I have hard-coded in hello.jsp as the target, just
> for testing (obviously I will replace this with something which looks
> at what the real url is).
>
> The problem is, when I then try to load /secure/hello.jsp, it looks
> like the server goes into an infinite loop. It never returns the page
> and I end up with a bunch of catalina processes running, which I have
> to kill -9 to get rid of.
It's not the server that went into a loop -- it's your application.
The request dispatcher mechanism uses the same servlet mappings that are
used on the original request. Therefore, the request dispatcher for
"/secure/hello.jsp" will select your authentication servlet again, which
will get another request dispatcher, which will ...
The solution to this problem, at least in a Servlet 2.3 environment (like
Tomcat 4), is to use a Filter for performing this kind of authentication.
There was a thread on this over the last couple of days on TOMCAT-USER --
check the archives for some good ideas.
>
> I'm sure I'm making some simple mistake here. Any sugestions?
>
> Thanks
>
Craig
