Hello,

I'm not going to bother responding to the many posts that said the solution I 
mentioned was wrong; instead, I'll just provide an example of how to do it, 
since it works.

====

..... lines removed .....

package blah;

..... lines removed .....

public final class SomeFilterClass implements Filter {

..... lines removed .....

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse rsp = (HttpServletResponse) response;
        rsp.sendRedirect(req.getRequestURI());
        filterChain.doFilter(request, response);
    }

..... lines removed .....

}
=====

And below is what the web.xml looks like:

=====

.... lines removed .....

  <filter>
      <filter-name>SomeFilterClass</filter-name>
      <filter-class>blah.SomeFilterClass</filter-class>
  </filter>
  <filter-mapping>
      <filter-name>SomeFilterClass</filter-name>
      <url-pattern>/ssl/*</url-pattern>
      <dispatcher>FORWARD</dispatcher>
      <dispatcher>INCLUDE</dispatcher>
      <dispatcher>ERROR</dispatcher>
  </filter-mapping>

..... lines removed .....

  <security-constraint>
      <web-resource-collection>
          <web-resource-name>RequiresLogin</web-resource-name>
          <url-pattern>/html/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
          <role-name>somerole</role-name>
      </auth-constraint>
  </security-constraint>
  
  <security-constraint>
      <web-resource-collection>
          <web-resource-name>RequiresSSL</web-resource-name>
          <url-pattern>/ssl/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
  </security-constraint>
  
  <security-role>
      <role-name>somerole</role-name>
  </security-role>
  
  <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
          <form-login-page>/ssl/login.jsp</form-login-page>
          <form-error-page>/ssl/login-error.jsp</form-error-page>
      </form-login-config>
  </login-config>

..... lines removed .....

=====

Of course you'll need to change the login/security constraint URLs and role 
name to match those in your environment.

For anyone who stated the earlier statements were incorrect, I encourage you to 
provide another "better" working example.  This one works for me and is used by 
other industry professionals.

Regards,

Justin

Here is an example:

> Date: Wed, 7 Jan 2009 09:35:33 +0100
> From: rc4...@googlemail.com
> To: users@tomcat.apache.org
> Subject: Re: j_security_check with https
> 
> Hi Justin,
> 
> On Wed, Jan 7, 2009 at 4:13 AM, Justin Randall <ran...@hotmail.com> wrote:
> >
> > Create a Filter subclass with the sole purpose of having its "doFilter" 
> > method call "sendRedirect" on the HttpServletResponse object.  Map this 
> > Filter to the same URL pattern you use for SSL and make sure to use the 
> > <dispatcher> tags for FORWARD, INCLUDE, ERROR, and whatever other 
> > RequestDispatcher operations you want to ensure use SSL.
> >
> 
> You've got any example using this solution?
> 
> Gregor
> -- 
> just because you're paranoid, doesn't mean they're not after you...
> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
> 
> 
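
Added example (not from the original post and not Tomcat's own code): a complete filter of the kind described in this message, with imports and lifecycle methods, that skips requests already on HTTPS and returns after the redirect instead of continuing the chain. The class name `ForwardToSslFilter` is hypothetical; it assumes the `javax.servlet` API and the same `/ssl/*` filter mapping, dispatcher types and CONFIDENTIAL constraint shown in the web.xml above.

```java
package blah; // same placeholder package name as in the post

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; map it in web.xml like SomeFilterClass above.
public final class ForwardToSslFilter implements Filter {

    public void init(FilterConfig config) { /* no configuration needed */ }
    public void destroy() { /* nothing to release */ }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse rsp = (HttpServletResponse) response;

        // Already on TLS, or headers already sent so a redirect is no
        // longer possible: serve the resource in place.
        if (req.isSecure() || rsp.isCommitted()) {
            chain.doFilter(request, response);
            return;
        }

        // During a FORWARD dispatch getRequestURI() is the forward target
        // (for example the form login page), not the URL the browser asked
        // for. Keep any query string that came with it.
        String target = req.getRequestURI();
        if (req.getQueryString() != null) {
            target += "?" + req.getQueryString();
        }

        // The browser re-requests the target as a normal REQUEST dispatch,
        // where the CONFIDENTIAL security-constraint from web.xml applies.
        rsp.sendRedirect(rsp.encodeRedirectURL(target));
    }
}
```

Because the filter mapping lists only FORWARD, INCLUDE and ERROR, the redirected request does not pass through this filter again, so it cannot loop.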
