Thanks Andrè. the login page indeed has nothing inside, i just want to activate the filter, because inside the filter there is the logic to authenticate the user; Anyway i really appreciate your suggestion.
Francesco 2016-05-15 14:09 GMT+02:00 André Warnier (tomcat) <a...@ice-sa.com>: > On 15.05.2016 13:58, Francesco Viscomi wrote: > >> Hi all, >> I've declared a filter in web.xm as: >> >> <filter> >> <filter-name>ShibbolethHeaderReaderFilter</filter-name> >> <display-name>ShibbolethHeaderReaderFilter >> IdPC</display-name> >> <description></description> >> >> >> <filter-class>it.loset.idpcp.ri.filters.ShibbolethHeaderReaderFilterIdpc</filter-class> >> >> <init-param> >> <param-name>configurationFile</param-name> >> >> <param-value>resources/shibboleth-spp-config.xml</param-value> >> </init-param> >> </filter> >> >> <filter-mapping> >> <filter-name>ShibbolethHeaderReaderFilter</filter-name> >> <url-pattern>/protected/*</url-pattern> >> </filter-mapping> >> >> >> >> >> where it.loset.idpcp.ri.filters.ShibbolethHeaderReaderFilterIdpc >> is a jar file that i don't know the source; >> >> >> Now i do i call as: >> http://localhost:8080/srlo/protected/login.html >> >> and i get HTTP Status 404 the resource is not available. >> >> >> >> >> My question is, why the filter do not activated: in the url the is the >> word >> protect and the mapping of the filter is >> <url-pattern>/protected/*</url-pattern> >> >> > I don't know the details of it, and not much at all about Shibollet, but > usually in an authentication scenario which involves a login page to > authenticate a user, one would not include the login page in question, in > the area that is protected by the authentication. > This would ususally result in an endless logic loop. > Think about it. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Ing. Viscomi Francesco
