What do the wrapper classes actually do?
Is your Auth mechanism in them?
If not, how are you checking Auth?
Also, how does the filter know to avoid the request for the login page,
or the subsequent form submission?
If you're redirecting to a page that the filter applies to you'll end up
in a never ending loop...
p
David Smith wrote:
> I'm not seeing the complete sequence in your filter code, or even a
> redirect. Should be something like:
>
> doFilter(){
> MyRequestWrapper reqWrapper = new MyRequestWrapper(servletRequest);
> MyResponseWrapper respWrapper = new
> MyResponseWrapper(servletResponse);
>
> MyUserObj clientUser = MyUserObj.getValidUser( servletRequest ) ;
> if ( ( clientUser == null ) || ( clientUser.invalid() ) )
> servletResponse.sendRedirect( "myLoginPage.jsp" ) ;
> else {
> chain.doFilter(reqWrapper, respWrapper);
> respWrapper.addCookie(NAME, encrypt(myobj));
> }
> }
>
>
> Obviously I'm not familiar with the exact API of your code, but you get
> the idea. If the cookie isn't present or invalid, send a redirect to
> the login page. Otherwise chain on to the next step in the request
> process.
>
> --David
>
> Mani Balasubramani wrote:
>
>> Chris,
>>
>> This is the complete sequence
>>
>> 1)User goes to a URL (say www.some-partner-site.com)
>> 2)He selects our app link from there which redirects him to our site
>> (www.paybytouch.com)
>> 3)Filter is applied on all url's
>> 4)The filter has a wrapper class for both request and response.
>> 5)The doFilter calls a servlet which checks if the user is authenticated
>> 6)If the user is not authenticated, he is redirected to a login page
>> (say www.paybytouch.com/login)
>> 7)Once the user is authenticated, the servlet returns to the filter
>> which then creates a cookie and the reponse is sent back to the users's
>> browser.
>>
>>
>> What happens is that the login page is never displayed. I have validated
>> the flow (using debugger) and it seems to be correct.
>> So I was wondering if a response wrapper needs to do anything special in
>> order to do a redirect.
>>
>> My filter code does the following...
>>
>> doFilter(){
>> MyRequestWrapper reqWrapper = new MyRequestWrapper(servletRequest);
>> MyResponseWrapper respWrapper = new
>> MyResponseWrapper(servletResponse);
>>
>> //get cookie from request and decrypt it.
>>
>> chain.doFilter(reqWrapper, respWrapper);
>>
>> //create a cookie and encrypt it
>>
>> respWrapper.addCookie(NAME, encrypt(myobj));
>> }
>>
>> Any suggestions ?
>>
>> -Mani
>> This email and any attachment(s) thereto, are intended for the use of
>> the addressee(s) named herein and may contain legally privileged and or
>> confidential information under applicable law. If you are not the
>> intended recipient of this e-mail, you are hereby notified any
>> dissemination, distribution or copying of this email, and any
>> attachment(s)
>> thereto, is strictly prohibited. If you have received this communication
>> in error, please notify the sender at 415-281-2200 or via return
>> e-mail at
>> [EMAIL PROTECTED] and permanently delete the original copy and
>> any copy of any e-mail, and any printout thereof. Thank you for your
>> cooperation.
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
