Hi,
as I told you I'm not a wizard in configuring log4j.
using this configuration for log4j:
log4j.logger.org.apache=FINE, logApache
log4j.additivity.org.apache.catalina.util.LifecycleBase=false
log4j.appender.logApache=org.apache.log4j.DailyRollingFileAppender
log4j.appender.logApache.File=../logs/ApacheFine.log
log4j.appender.logApache.DatePattern='.'yyyy-MM-dd
log4j.appender.logApache.layout=org.apache.log4j.PatternLayout
log4j.appender.logApache.layout.ConversionPattern=[%p] %d %c %M - %m%n
outputs:
[DEBUG] 2014-02-27 16:27:48,063
org.apache.ibatis.datasource.pooled.PooledDataSource forceCloseAll -
PooledDataSource forcefully closed/removed all connections.
[DEBUG] 2014-02-27 16:34:10,937 org.apache.ibatis.logging.LogFactory
setImplementation - Logging initialized using 'class
org.apache.ibatis.logging.log4j.Log4jImpl' adapter.
[DEBUG] 2014-02-27 16:34:10,937
org.apache.ibatis.datasource.pooled.PooledDataSource forceCloseAll -
PooledDataSource forcefully closed/removed all connections.
[DEBUG] 2014-02-27 16:34:10,937
org.apache.ibatis.datasource.pooled.PooledDataSource forceCloseAll -
PooledDataSource forcefully closed/removed all connections.
[DEBUG] 2014-02-27 16:34:10,937
org.apache.ibatis.datasource.pooled.PooledDataSource forceCloseAll -
PooledDataSource forcefully closed/removed all connections.
[DEBUG] 2014-02-27 16:34:10,937
org.apache.ibatis.datasource.pooled.PooledDataSource forceCloseAll -
PooledDataSource forcefully closed/removed all connections.
[DEBUG] 2014-02-27 16:36:05,254 org.apache.ibatis.logging.LogFactory
setImplementation - Logging initialized using 'class
org.apache.ibatis.logging.log4j.Log4jImpl' adapter.
[DEBUG] 2014-02-27 16:36:05,270
org.apache.ibatis.datasource.pooled.PooledDataSource forceCloseAll -
PooledDataSource forcefully closed/removed all connections.
[DEBUG] 2014-02-27 16:36:05,270
org.apache.ibatis.datasource.pooled.PooledDataSource forceCloseAll -
PooledDataSource forcefully closed/removed all connections.
[DEBUG] 2014-02-27 16:36:05,270
org.apache.ibatis.datasource.pooled.PooledDataSource forceCloseAll -
PooledDataSource forcefully closed/removed all connections.
[DEBUG] 2014-02-27 16:36:05,270
org.apache.ibatis.datasource.pooled.PooledDataSource forceCloseAll -
PooledDataSource forcefully closed/removed all connections.
The AuthenticationFilter class is not that complicated
@WebFilter("/AuthenticationFilter")
public class AuthenticationFilter implements Filter {
private ServletContext context;
private static List<String> ALLOWED_URLS;
public void init(FilterConfig fConfig) throws ServletException {
this.context = fConfig.getServletContext();
// put the allowed JSP urls here:
ALLOWED_URLS = new ArrayList<String>();
ALLOWED_URLS.add(fConfig.getServletContext().getContextPath() +
"/login.jsp");
ALLOWED_URLS.add(fConfig.getServletContext().getContextPath() +
"/loginFail.jsp");
ALLOWED_URLS.add(fConfig.getServletContext().getContextPath() +
"/LoginServlet");
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException,
ServletException {
Logger log = Logger.getLogger(AuthenticationFilter.class);
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
String uri = req.getRequestURI();
log.info("Requested Resource::" + uri + "-> allowed:" +
ALLOWED_URLS.contains(uri));
LdapAuthenticator authenticator = new
LdapAuthenticator(req.getSession());
if (ALLOWED_URLS.contains(uri) || authenticator.isLogged()) {
// pass the request along the filter chain
chain.doFilter(request, response);
} else {
log.info("Unauthorized access request");
res.sendRedirect(this.context.getContextPath() + "/login.jsp");
}
}
public void destroy() {
// close any resources here
}
}
2014-02-27 16:14 GMT+01:00 Mark Thomas <ma...@apache.org>:
> On 27/02/2014 15:01, Lorenzo Fini wrote:
> > Hi Mark,
> >
> > if I am just doing request.getSession() on the request that I receive,
> how
> > can it be an application error?
>
> That would depend on where the object named "request" was obtained from.
>
> > I do no store any request or session..
>
> In which case, I refer you to the answer I provided earlier:
>
> >> This is either an application bug or a bug in
> >> com.abovo.gc.plata.filter.AuthenticationFilter that is retaining and
> >> using a reference to a request object from a previous request rather
> >> than using the request object for the current request.
>
> The application code was not the only possible source of the bug.
>
> Strictly, since you failed to provide the full stack trace, there is a
> third option that some as yet undisclosed component is retaining the
> reference to the request object.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
