Re: Session authentication - Struts or ServletFilter

Thu, 07 Oct 2004 10:47:56 -0700

You cannot map 100% of your web application (as it seems your are doing) to the filter, because the login page you are redirecting to would itself require login.

Also, your 404 mentions /do/processLogin but your filter is redirecting to /login.jsp. I'm a bit confused by that. Maybe if you could explain exactly what's going on we could help more.

Finally, what is the login.jsp page doing? Typically the container handles authentication, etc. Are you doing that yourself in the login page? If so, where is the user information being submitted to? Wherever that's being posted to should not be protected by the filter either.

Hope that helps,

sean


Sandro Duarte wrote:

Try this:

if (null == user) {
session.invalidate();
res.sendRedirect("/login.jsp");
} else {
chain.doFilter(request, response);
}

I was having some trouble with my auth filter until I realized this
problem: you should continue de filter chain only if everything is ok.

Sandro


On Thu, 07 Oct 2004 09:57:26 +0000, andy wix <[EMAIL PROTECTED]> wrote:


Hi,

That source forge Security Filter stuff looks pretty good, but I only have a
basic requirement (nothing so posh as realms).
I can't seem to get my (very basic) filter to work with Struts though.

I have the following in my doFilter method:

HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession();

User user= (User )session.getAttribute("User ");

if (null == user) {
 session.invalidate();
 res.sendRedirect("/login.jsp");
}
chain.doFilter(request, response);

It is mapped to all urls (/*) in the web.xml.

I get a 404:
The requested resource (/do/processLogin) is not available

- this after I have entered user/password and submitted form.  If anything,
I was expecting it to always be re-directed back to the login because I
guess I need to exclude "/do/processLogin" from the Filter?

It all works Ok without the filter.

Thanks,
Andy

_________________________________________________________________
Stay in touch with absent friends - get MSN Messenger 


http://www.msn.co.uk/messenger

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]











---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to